GHSA-fcxw-hhxq-48wx

Source

https://github.com/advisories/GHSA-fcxw-hhxq-48wx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fcxw-hhxq-48wx/GHSA-fcxw-hhxq-48wx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fcxw-hhxq-48wx

Aliases

CVE-2017-1000242

Published

2022-05-17T00:21:58Z

Modified

2024-02-19T05:32:11.257424Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Insecure temporary file usage in Jenkins Git Client Plugin

Details

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

Database specific

{
    "nvd_published_at": "2017-11-01T13:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-02T20:40:00Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:git-client

Package

Name: org.jenkins-ci.plugins:git-client; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/git-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.3

Affected versions

1.*

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1

1.1.1

1.1.2

1.2.0

1.3.0

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.12.0

1.13.0

1.14.0

1.14.1

1.15.0

1.16.1

1.17.0

1.17.1

1.18.0

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.19.6

1.19.7

1.20.0-beta1

1.20.0-beta2

1.20.0-beta3

1.20.2

1.21.0

2.*

2.0.0-beta1

2.0.0-beta2

2.0.0-beta3

2.0.0-beta4

2.0.0

2.1.0

2.2.0

2.2.1

2.3.0

2.4.0

2.4.1

2.4.2