Description
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Remediation
References
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
http://www.openwall.com/lists/oss-security/2020/03/09/1