Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2018-1000409 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-1965 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_sjs1_3

CVE-2013-1966 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-5217 Vulnerability in npm package electron

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other