Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0

Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

Permalink: https://github.com/advisories/GHSA-8qh4-fghr-6fxg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Percentage: 0.00065
EPSS Percentile: 0.29549

Identifiers: GHSA-8qh4-fghr-6fxg, CVE-2019-10436
References: Repository: https://github.com/jenkinsci/google-oauth-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:google-oauth-plugin
Affected Version Ranges: <= 0.9
Fixed in: 0.10