Description
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545
Related Vulnerabilities
CVE-2020-1928 Vulnerability in maven package org.apache.nifi:nifi-web-api
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc
CVE-2016-0956 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2017-4973 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server