Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
Related Vulnerabilities
CVE-2019-10333 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger-hive-utils
CVE-2019-10294 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins