CVE-2018-1000148 – org.jenkins-ci.plugins:copy-to-slave
Package
Manager: maven
Name: org.jenkins-ci.plugins:copy-to-slave
Vulnerable Version: >=0 <=1.4.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00099 (percentile: 0.28225)
Details
Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system. An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older, in CopyToSlaveBuildWrapper.java, that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Metadata
Created: 2022-05-14T03:23:41Z
Modified: 2024-01-30T22:38:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9jrh-hch8-rr5c/GHSA-9jrh-hch8-rr5c.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-9jrh-hch8-rr5c
Finding: F038
Auto approve: 1