GHSA-47rr-8vrp-9283

Source

https://github.com/advisories/GHSA-47rr-8vrp-9283

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47rr-8vrp-9283/GHSA-47rr-8vrp-9283.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-47rr-8vrp-9283

Aliases

CVE-2019-10375

Published

2022-05-24T16:52:45Z

Modified

2024-02-16T07:56:12.998996Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Arbitrary file read vulnerability in Jenkins File System SCM Plugin

Details

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

Database specific

{
    "nvd_published_at": "2019-08-07T15:15:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T21:23:57Z"
}

References

Affected packages

Maven / hudson.plugins.filesystem_scm:filesystem_scm

Package

Name: hudson.plugins.filesystem_scm:filesystem_scm; View open source insights on deps.dev
Purl: pkg:maven/hudson.plugins.filesystem_scm/filesystem_scm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.1

Affected versions

1.*

1.5

1.6

1.7

1.8

1.9

1.10

1.20

1.21-alpha-1

1.21-alpha-2

2.*

2.0

2.1