Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2022-36887 Vulnerability in maven package org.jenkins-ci.plugins:jobconfighistory

CVE-2020-7743 Vulnerability in maven package org.webjars.bower:mathjs

CVE-2020-2322 Vulnerability in maven package io.jenkins.plugins:chaos-monkey

CVE-2019-1003093 Vulnerability in maven package org.jenkins-ci.plugins:nomad

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other