Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2020-2113 Vulnerability in maven package org.jenkins-ci.tools:git-parameter

CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2023-22894 Vulnerability in npm package @strapi/strapi

CVE-2020-6451 Vulnerability in npm package electron

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other