Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2018-1000153 Vulnerability in maven package org.jenkins-ci.plugins:vsphere-cloud

CVE-2018-12585 Vulnerability in maven package org.opcfoundation.ua:opc-ua-stack

CVE-2020-6463 Vulnerability in npm package electron

CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory