Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2022-41252 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt

CVE-2023-43256 Vulnerability in npm package gladys

CVE-2020-13928 Vulnerability in maven package org.apache.atlas:apache-atlas

CVE-2020-2261 Vulnerability in maven package org.jenkins-ci.plugins:perfecto

CVE-2019-12086 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other