Description
An information exposure vulnerability exists in DirectoryBrowserSupport.java in Jenkins 2.153 and earlier and LTS 2.138.3 and earlier. Attackers who can control build output can use the workspace browser to browse the file system on agents running builds, beyond the duration of the build.
Remediation
References
http://www.securityfocus.com/bid/106176
https://access.redhat.com/errata/RHBA-2019:0024
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904