Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2021-20218 Vulnerability in maven package io.fabric8:kubernetes-client

CVE-2023-40345 Vulnerability in maven package org.jenkins-ci.plugins:delphix

CVE-2019-1003068 Vulnerability in maven package com.inkysea.vmware.vra:vmware-vrealize-automation-plugin

CVE-2011-4838 Vulnerability in maven package org.jruby:jruby

CVE-2022-36885 Vulnerability in maven package com.coravy.hudson.plugins.github:github

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other