Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex

CVE-2021-43980 Vulnerability in maven package org.apache.tomcat:tomcat

CVE-2020-5428 Vulnerability in maven package org.springframework.cloud:spring-cloud-task-core

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.utilities

CVE-2020-2193 Vulnerability in maven package io.jenkins.plugins:echarts-api

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other