Design/Logic Flaw

2018-04-0513:29:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

CPENameOperatorVersion
copy_to_slavele1.4.4

CPE	Name	Operator	Version
	copy_to_slave	le	1.4.4

References

jenkins.io/security/advisory/2018-03-26/