Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2015-8854 Vulnerability in npm package marked

CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot-server

CVE-2023-29015 Vulnerability in maven package io.goobi.viewer:viewer-core

CVE-2023-49674 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other