Description
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | jenkins-plugin-ssh-credentials | Affected | | |
Additional information
Status:
Moderate
Defect:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1596122
jenkins-plugin-ssh-credentials: Arbitrary file read vulnerability in SSH Credentials Plugin with Credentials Binding Plugin (SECURITY-440)
6.5 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.5
nvd
more than 7 years ago
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
CVSS3: 6.5
github
more than 3 years ago
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin