Arbitrary File Read Vulnerability in Jenkins Copy To Slave Plugin

Arbitrary File Read Vulnerability in Jenkins Copy To Slave Plugin

CVE-2018-1000148 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.

Learn more about our Web Application Penetration Testing UK.