Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668