Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2019-10390 Vulnerability in maven package com.splunk.splunkins:splunk-devops

CVE-2022-39944 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc

CVE-2019-19771 Vulnerability in npm package babel-loadre

CVE-2019-19919 Vulnerability in maven package li.rudin.mavenjs:handlebars

CVE-2019-1010266 Vulnerability in npm package lodash

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other