CloudBees Jenkins Copy data to workspace Plugin Arbitrary File Read Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An arbitrary file read...

CVE-2020-2275

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller...

com.liferay:com.liferay.gradle.plugins.workspace (>=1.10.12 <=8.0.0) potentially affected by CVE-2018-1324 via com.liferay:com.liferay.portal.tools.bundle.support (>=3.2.7 <=3.7.3)

com.liferay:com.liferay.portal.tools.bundle.support MAVEN version =3.2.7, =1.10.12, =8.0.0 Source cves: CVE-2018-1324 Source advisory: OSV:GHSA-H436-432X-8FVX...