Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2019-7611 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2019-12400 Vulnerability in maven package org.apache.santuario:xmlsec

CVE-2020-26882 Vulnerability in maven package com.typesafe.play:play-java

CVE-2012-4387 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2018-1999037 Vulnerability in maven package org.jenkins-ci.plugins:resource-disposer

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory