Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2023-28677 Vulnerability in maven package org.jenkins-ci.plugins:convert-to-pipeline

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2019-16303 Vulnerability in npm package generator-jhipster

CVE-2016-6636 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

CVE-2023-37478 Vulnerability in npm package @pnpm/linux-x64

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other