Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668