Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2018-8014 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

CVE-2019-11777 Vulnerability in maven package org.eclipse.paho:org.eclipse.paho.client.mqttv3

CVE-2013-2160 Vulnerability in maven package org.apache.cxf:cxf-api

CVE-2019-1003051 Vulnerability in maven package org.jvnet.hudson.plugins:ircbot

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other