GHSA-9jrh-hch8-rr5c, CVE-2018-1000148
maven/org.jenkins-ci.plugins/copy-to-slave
Exposure of Sensitive Information to an Unauthorized Actor
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
All versions up to 1.4.4
Unfortunately, there is no solution available yet.
2024-01-31
source |