Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite > High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-23	CVE-2018-1999001	A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. network low complexity jenkins oracle	8.8
2018-06-05	CVE-2018-1000194	Path Traversal vulnerability in multiple products A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. network low complexity jenkins oracle CWE-22	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.