Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2019-1003088 Vulnerability in maven package egor-n:fabric-beta-publisher

CVE-2020-8823 Vulnerability in npm package sockjs

CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2022-34808 Vulnerability in maven package org.jenkins-ci.plugins:cisco-spark

CVE-2020-13935 Vulnerability in maven package org.apache.tomcat:tomcat-websocket

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other