Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
Permalink: https://github.com/advisories/GHSA-8qh4-fghr-6fxg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00065
EPSS Percentile: 0.29549
Identifiers: GHSA-8qh4-fghr-6fxg, CVE-2019-10436
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10436
- https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583
- https://github.com/jenkinsci/google-oauth-plugin/commit/aef26a8425e515a9986412000d6191db95fa9e56
- https://github.com/advisories/GHSA-8qh4-fghr-6fxg
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:google-oauth-plugin
Affected Version Ranges: <= 0.9
Fixed in: 0.10