GHSA-9jrh-hch8-rr5c

Source
https://github.com/advisories/GHSA-9jrh-hch8-rr5c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9jrh-hch8-rr5c/GHSA-9jrh-hch8-rr5c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9jrh-hch8-rr5c
Aliases
Published
2022-05-14T03:23:41Z
Modified
2024-02-16T08:15:41.535308Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
Details

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Database specific
{
    "nvd_published_at": "2018-04-05T13:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:38:38Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:copy-to-slave

Package

Name
org.jenkins-ci.plugins:copy-to-slave
Purl
pkg:maven/org.jenkins-ci.plugins/copy-to-slave

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
1.4.4

Affected versions

1.*

1.4
1.4.3
1.4.4