Description
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545
Related Vulnerabilities
CVE-2017-15691 Vulnerability in maven package org.apache.uima:uimaj-examples
CVE-2020-2128 Vulnerability in maven package com.catalogic.ecxjenkins:catalogic-ecx
CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2019-1003006 Vulnerability in maven package org.jenkins-ci.plugins:groovy
CVE-2020-25803 Vulnerability in maven package org.craftercms:crafter-studio