Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000148 Vulnerability in maven package org.jenkins-ci.plugins:copy-to-slave

Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2021-31805 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2011-2731 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2015-8103 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-29507 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory