CVE-2019-10375: Arbitrary file read vulnerability in Jenkins File System SCM Plugin

May 24, 2022 (updated January 30, 2024)

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.

References

www.openwall.com/lists/oss-security/2019/08/07/1
github.com/advisories/GHSA-47rr-8vrp-9283
jenkins.io/security/advisory/2019-08-07/
nvd.nist.gov/vuln/detail/CVE-2019-10375

Detect and mitigate CVE-2019-10375 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →