CVE-2019-10375 – hudson.plugins.filesystem_scm:filesystem_scm

Package

Manager: maven
Name: hudson.plugins.filesystem_scm:filesystem_scm
Vulnerable Version: >=0 <=2.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0027 pctl0.50161

Details

Arbitrary file read vulnerability in Jenkins File System SCM Plugin An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Metadata

Created: 2022-05-24T16:52:45Z
Modified: 2024-01-30T21:23:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47rr-8vrp-9283/GHSA-47rr-8vrp-9283.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-47rr-8vrp-9283
Finding: F063
Auto approve: 1