PT-2019-11771 · Jenkins · Jenkins File System Scm Plugin+1

David Fiser

Publicado

2019-08-07

Atualizado

2023-10-25

CVE-2019-10375

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins File System SCM Plugin version 2.1 and earlier

Description The issue allows attackers who can configure jobs in Jenkins to read the contents of any file on the Jenkins master. This is due to an arbitrary file read vulnerability.

Recommendations For Jenkins File System SCM Plugin version 2.1 and earlier, update to a version later than 2.1 to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2019-10375

GHSA-47RR-8VRP-9283

Produtos afetados

Jenkins

Jenkins File System Scm Plugin

PT-2019-11771 · Jenkins · Jenkins File System Scm Plugin+1

CVE-2019-10375

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5