PT-2019-11830 · Jenkins · Jenkins Google Oauth Credentials Plugin+1
Daniel Beck
+2
·
Published
2019-10-16
·
Updated
2023-10-25
·
CVE-2019-10436
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Google OAuth Credentials Plugin version 0.9 and earlier
Description
The issue allows attackers who can configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master due to an arbitrary file read vulnerability.
Recommendations
For Jenkins Google OAuth Credentials Plugin version 0.9 and earlier, update to a version later than 0.9 to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Google Oauth Credentials Plugin