Arbitrary File Read Vulnerability in Jenkins Copy To Slave Plugin
CVE-2018-1000148 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.
Learn more about our Web Application Penetration Testing UK.