CVE-2018-1000148: Exposure of Sensitive Information to an Unauthorized Actor

May 14, 2022 (updated January 30, 2024)

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

References

github.com/advisories/GHSA-9jrh-hch8-rr5c
jenkins.io/security/advisory/2018-03-26/
nvd.nist.gov/vuln/detail/CVE-2018-1000148

Detect and mitigate CVE-2018-1000148 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →