Arbitrary file read vulnerability in Jenkins File System SCM Plugin

2022-05-2416:52:45

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

CPENameOperatorVersion
hudson.plugins.filesystem_scm:filesystem_scmeq1.5
hudson.plugins.filesystem_scm:filesystem_scmeq1.7
hudson.plugins.filesystem_scm:filesystem_scmeq1.21-alpha-1
hudson.plugins.filesystem_scm:filesystem_scmeq1.9
hudson.plugins.filesystem_scm:filesystem_scmeq2.0
hudson.plugins.filesystem_scm:filesystem_scmeq1.8
hudson.plugins.filesystem_scm:filesystem_scmeq1.10
hudson.plugins.filesystem_scm:filesystem_scmeq1.21-alpha-2
hudson.plugins.filesystem_scm:filesystem_scmeq1.20
hudson.plugins.filesystem_scm:filesystem_scmeq1.6

Name	Operator	Version
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.5
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.7
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.21-alpha-1
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.9
hudson.plugins.filesystem_scm:filesystem_scm	eq	2.0
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.8
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.10
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.21-alpha-2
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.20
hudson.plugins.filesystem_scm:filesystem_scm	eq	1.6