Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2020-1928 Vulnerability in maven package org.apache.nifi:nifi-web-api

CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc

CVE-2020-7599 Vulnerability in maven package com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin

CVE-2016-0956 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post

CVE-2017-4973 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory