PT-2019-11771 · Jenkins · Jenkins File System Scm Plugin+1
David Fiser
·
Published
2019-08-07
·
Updated
2023-10-25
·
CVE-2019-10375
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins File System SCM Plugin version 2.1 and earlier
Description
The issue allows attackers who can configure jobs in Jenkins to read the contents of any file on the Jenkins master. This is due to an arbitrary file read vulnerability.
Recommendations
For Jenkins File System SCM Plugin version 2.1 and earlier, update to a version later than 2.1 to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins File System Scm Plugin