Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
Related Vulnerabilities
CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline
CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership
CVE-2016-10538 Vulnerability in maven package org.webjars.npm:cli
CVE-2020-26237 Vulnerability in maven package org.webjars.bowergithub.highlightjs:highlight.js