Description

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/09/1

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668

Related Vulnerabilities

CVE-2020-15119 Vulnerability in maven package org.webjars.npm:auth0-lock

CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream

CVE-2021-42575 Vulnerability in maven package com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer

CVE-2019-16869 Vulnerability in maven package io.netty:netty-codec-http

CVE-2020-7684 Vulnerability in npm package rollup-plugin-serve

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Vendor Advisory