Описание
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
7.5 High
CVSS3