Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2023-32007 Vulnerability in maven package org.apache.spark:spark-core_2.13

CVE-2022-0686 Vulnerability in npm package url-parse

CVE-2021-21119 Vulnerability in npm package electron

CVE-2021-25864 Vulnerability in npm package node-red-contrib-huemagic

CVE-2021-41079 Vulnerability in maven package org.apache.tomcat:tomcat

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other