PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1

Author: Federico Pellegrin

Published: 2020-03-09

Updated: 2023-10-25

CVE-2020-2139

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier

Description: The plugin does not validate the file paths it takes from the coverage report, so an attacker who can control the coverage report file contents can overwrite any file on the Jenkins master file system (an arbitrary file write). Cobertura Plugin 1.16 sanitizes these file paths to prevent escape from the base directory, so versions prior to 1.16 are affected.

Recommendations: For Jenkins Cobertura Plugin versions 1.15 and earlier, update to version 1.16 or later to resolve the issue. As a temporary workaround, restrict who can influence the coverage report file contents (for example, untrusted build steps or pull requests from outside contributors) to minimize the risk of exploitation.
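The containment check that 1.16 introduces, shown here as an added example (not the plugin's own code): every path taken from the report is resolved under the report base directory and rejected if it escapes. It assumes the paths come from the Cobertura `filename` attribute on `class` elements and uses a constructed sample report with two escaping entries.

```python
import os
import xml.etree.ElementTree as ET

# Constructed Cobertura-style report: one legitimate entry, one relative
# traversal and one absolute path, both of which must be rejected.
SAMPLE_REPORT = """<?xml version="1.0"?>
<coverage line-rate="0.5">
  <packages>
    <package name="app">
      <classes>
        <class name="app.Main" filename="app/Main.java" line-rate="0.5"/>
        <class name="evil" filename="../../../../etc/passwd" line-rate="1.0"/>
        <class name="abs" filename="/tmp/escape.txt" line-rate="1.0"/>
      </classes>
    </package>
  </packages>
</coverage>
"""


def resolve_within(base_dir, untrusted_name):
    """Return the resolved path of untrusted_name inside base_dir, or None if it escapes.

    realpath normalises '..' segments and symlinks before the comparison, and
    os.path.join drops base_dir entirely when untrusted_name is absolute, so
    the prefix check below catches both relative traversal and absolute paths.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_name))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def check_report(xml_text, base_dir):
    """Split the report's filename attributes into accepted and rejected lists."""
    root = ET.fromstring(xml_text)
    accepted, rejected = [], []
    for cls in root.iter("class"):
        name = cls.get("filename")
        if name is None:
            continue
        target = resolve_within(base_dir, name)
        (accepted if target else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Hypothetical base directory; only the report contents matter here.
    ok, bad = check_report(SAMPLE_REPORT, "/var/jenkins/cobertura")
    print("accepted:", ok)
    print("rejected:", bad)
```

A report whose rejected list is non-empty should be refused as a whole rather than partially processed, since the escaping entry is the one an attacker controls.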

Fix

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2020-2139
GHSA-M935-CHFP-9F63

Affected Products

Jenkins
Jenkins Cobertura Plugin