Description
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440
Related Vulnerabilities
CVE-2018-16131 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2011-3376 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-46688 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit
CVE-2020-11974 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao
CVE-2012-1154 Vulnerability in maven package org.jboss.native:mod-cluster