Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
http://www.openwall.com/lists/oss-security/2020/03/09/1
Related Vulnerabilities
CVE-2017-1000388 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view
CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2021-21341 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-16017 Vulnerability in npm package electron
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal