Description

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668

Related Vulnerabilities

CVE-2019-10333 Vulnerability in maven package org.jenkins-ci.plugins:electricflow

CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator

CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger-hive-utils

CVE-2019-10294 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins

CVE-2020-7639 Vulnerability in npm package @eivifj/dot

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Vendor Advisory