Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668