Description

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545

Related Vulnerabilities

CVE-2019-1003094 Vulnerability in maven package org.jenkins-ci.plugins:open-stf

CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_3

CVE-2022-34189 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter

CVE-2017-15684 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2018-1000185 Vulnerability in maven package org.jenkins-ci.plugins:github-branch-source

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory