GHSA-8qh4-fghr-6fxg

Source

https://github.com/advisories/GHSA-8qh4-fghr-6fxg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8qh4-fghr-6fxg/GHSA-8qh4-fghr-6fxg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8qh4-fghr-6fxg

Aliases

CVE-2019-10436

Published

2022-05-24T16:58:49Z

Modified

2023-11-08T04:00:51.355828Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin

Details

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Database specific

{
    "nvd_published_at": "2019-10-16T14:15:00Z",
    "github_reviewed_at": "2022-06-28T16:02:05Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:google-oauth-plugin

Package

Name: org.jenkins-ci.plugins:google-oauth-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/google-oauth-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

Database specific

{
    "last_known_affected_version_range": "<= 0.9"
}