Описание
Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Пакеты
Наименование
org.jenkins-ci.plugins:copy-to-slave
maven
Затронутые версииВерсия исправления
<= 1.4.4
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.