Описание
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.13 (включая)
cpe:2.3:a:jenkins:ssh_credentials:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.5
redhat
больше 7 лет назад
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
CVSS3: 6.5
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
EPSS
Процентиль: 54%
0.00316
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200