First published: Thu Apr 05 2018(Updated: )
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Copy To Slave | <=1.4.4 | |
maven/org.jenkins-ci.plugins:copy-to-slave | <=1.4.4 | |
<=1.4.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.