Description
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440
Related Vulnerabilities
CVE-2018-15756 Vulnerability in maven package org.springframework:spring-web
CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink
CVE-2016-10006 Vulnerability in maven package org.owasp.antisamy:antisamy
CVE-2016-8750 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules
CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote