Description

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569

Related Vulnerabilities

CVE-2020-7639 Vulnerability in npm package eivindfjeldstad-dot

CVE-2019-10158 Vulnerability in maven package org.infinispan:infinispan-spring5-common

CVE-2017-3164 Vulnerability in maven package org.apache.solr:solr-core

CVE-2020-29204 Vulnerability in maven package com.xuxueli:xxl-job-admin

CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-rpc-dubbo

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other