Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668