An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2020/03/09/1 | Third Party Advisory |
| https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2020/03/09/1 | Third Party Advisory |
| https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668 | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.openwall.com/lists/oss-security/2020/03/09/1 - Third Party Advisory | |
| References | () https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1668 - Vendor Advisory |
Information
Published : 2020-03-09 16:15
Updated : 2024-11-21 05:24
NVD link : CVE-2020-2139
Mitre link : CVE-2020-2139
CVE.ORG link : CVE-2020-2139
JSON object : View
Products Affected
jenkins
- cobertura
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')