Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2019-1003077 Vulnerability in maven package org.jenkins-ci.plugins:audit2db

CVE-2021-43849 Vulnerability in npm package cordova-plugin-fingerprint-aio

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk15on

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other