Description
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545
Related Vulnerabilities
CVE-2020-2091 Vulnerability in maven package org.jenkins-ci.plugins:ec2
CVE-2020-1695 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2023-35931 Vulnerability in npm package shescape
CVE-2024-4367 Vulnerability in maven package org.webjars.bower:pdfjs-dist
CVE-2023-29204 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore