Description
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610
Related Vulnerabilities
CVE-2022-27200 Vulnerability in maven package io.jenkins.plugins:folder-auth
CVE-2017-3164 Vulnerability in maven package org.apache.solr:solr-core
CVE-2022-34210 Vulnerability in maven package org.jenkins-ci.plugins:threadfix
CVE-2019-10402 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard-impl