An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-545 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:59
Updated: 2022-10-03T16:21:59
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-1000148
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-05T13:29:00.573
Modified: 2018-05-15T17:17:31.223
Link: CVE-2018-1000148
JSON object: View
Redhat Information
No data.
CWE