Description

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668

Related Vulnerabilities

CVE-2023-46657 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook

CVE-2020-15215 Vulnerability in npm package electron

CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-core-client

CVE-2020-16024 Vulnerability in npm package electron

CVE-2021-43138 Vulnerability in maven package org.webjars.bowergithub.caolan:async

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Vendor Advisory