Description

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

Related Vulnerabilities

CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider

CVE-2022-36885 Vulnerability in maven package com.coravy.hudson.plugins.github:github

CVE-2022-43402 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps

CVE-2015-8854 Vulnerability in maven package org.webjars.bower:marked

CVE-2014-0112 Vulnerability in maven package org.apache.struts.xwork:xwork-core

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory NVD-CWE-Other