Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2020-6452 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-34177 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-input-step

CVE-2009-2902 Vulnerability in maven package tomcat:catalina

CVE-2014-3529 Vulnerability in maven package org.apache.poi:poi-ooxml

CVE-2022-45064 Vulnerability in maven package org.apache.sling:org.apache.sling.engine

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other