Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2022-36060 Vulnerability in npm package matrix-react-sdk

CVE-2019-10080 Vulnerability in maven package org.apache.nifi:nifi-lookup-services-bundle

CVE-2023-24425 Vulnerability in maven package com.cloudbees.jenkins.plugins:kubernetes-credentials-provider

CVE-2013-2186 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2023-32994 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other