Medium severity5.3NVD Advisory· Published Feb 16, 2018· Updated Jun 17, 2026
CVE-2018-1000068
CVE-2018-1000068
Description
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.89.4 | 2.89.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.90, < 2.107 | 2.107 |
Affected products
1Patches
Vulnerability mechanics
References
6- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-x6jw-2f23-mc5jghsaADVISORY
- jenkins.io/security/advisory/2018-02-14/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000068ghsaADVISORY
- www.securityfocus.com/bid/103101nvdBroken LinkWEB
- github.com/jenkinsci/jenkins/commit/8830d68f5fe21f344be3496984bc4470bfcd0564ghsaWEB
News mentions
0No linked articles in our index yet.