Medium severity6.5NVD Advisory· Published Jun 26, 2018· Updated Jun 17, 2026
CVE-2018-1000607
CVE-2018-1000607
Description
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:fortify-cloudscan-jenkins-pluginMaven | < 1.5.2 | 1.5.2 |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-8864-pwhg-3mp2ghsaADVISORY
- jenkins.io/security/advisory/2018-06-25/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000607ghsaADVISORY
News mentions
0No linked articles in our index yet.