CVE-2020-2275

Опубликовано: 16 сент. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

Ссылки

http://www.openwall.com/lists/oss-security/2020/09/16/3
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1966
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/09/16/3
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1966
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:copy_data_to_workspace:*:*:*:*:*:jenkins:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 81%

0.01511

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-2f4c-8rp6-fh6q