Description
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/16/3
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20%281%29
Related Vulnerabilities
CVE-2023-26158 Vulnerability in npm package mockjs
CVE-2019-9518 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2019-1003093 Vulnerability in maven package org.jenkins-ci.plugins:nomad
CVE-2017-12610 Vulnerability in maven package org.apache.kafka:kafka_2.11
CVE-2021-28100 Vulnerability in maven package com.netflix.priam:priam