Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers who can control the contents of the coverage report file to overwrite any file on the Jenkins master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
Related Vulnerabilities
CVE-2021-23449 Vulnerability in npm package vm2
CVE-2020-28450 Vulnerability in npm package decal
CVE-2020-7597 Vulnerability in npm package codecov
CVE-2014-3120 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer