Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2023-25653 Vulnerability in maven package org.webjars.npm:node-jose

CVE-2023-40167 Vulnerability in maven package org.eclipse.jetty:jetty-http

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory