GHSA-m935-chfp-9f63
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m935-chfp-9f63
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m935-chfp-9f63/GHSA-m935-chfp-9f63.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m935-chfp-9f63
- Aliases
- Published
- 2022-05-24T17:10:27Z
- Modified
- 2024-02-16T08:07:30.266010Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Arbitrary file write vulnerability in Jenkins Cobertura Plugin
- Details
-
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Cobertura Plugin 1.16 sanitizes the file paths to prevent escape from the base directory.
- Database specific
{ "nvd_published_at": "2020-03-09T16:15:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-01-05T20:25:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-2139
- https://github.com/jenkinsci/cobertura-plugin/commit/ea41b3f86a24ab398a588bde6a4eada869bed391
- https://github.com/jenkinsci/cobertura-plugin
- https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668
- http://www.openwall.com/lists/oss-security/2020/03/09/1
Affected packages
Maven / org.jenkins-ci.plugins:cobertura
Package
- Name
- org.jenkins-ci.plugins:cobertura
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/cobertura
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16