Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2019-19771 Vulnerability in npm package degbu

CVE-2014-4611 Vulnerability in maven package net.jpountz.lz4:lz4

CVE-2020-28168 Vulnerability in maven package org.webjars.bower:axios

CVE-2022-41915 Vulnerability in maven package io.netty:netty-codec

CVE-2020-7690 Vulnerability in npm package jspdf

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other