WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000148 Vulnerability in maven package org.jenkins-ci.plugins:copy-to-slave

Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc

CVE-2019-10342 Vulnerability in maven package io.jenkins.docker:docker-plugin

CVE-2020-15138 Vulnerability in maven package org.webjars.npm:prismjs

CVE-2017-3164 Vulnerability in maven package org.apache.solr:solr-core

CVE-2015-8857 Vulnerability in maven package org.webjars.npm:uglify-js

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory