Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2023-28680 Vulnerability in maven package org.jenkins-ci.plugins:crap4j

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2023-50779 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript

CVE-2019-11272 Vulnerability in maven package org.springframework.security:spring-security-core

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other