Arbitrary File Reading Vulnerability in Jenkins Storable Configs Plugin
CVE-2020-2277

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Storable Configs Plugin
Vendor: CVE Published:; 16 September 2020

Summary

The Jenkins Storable Configs Plugin version 1.0 and prior is vulnerable to an arbitrary file reading issue, which allows users with Job/Read permissions to access sensitive files within the Jenkins controller's file system. This poses a significant risk as it could lead to exposure of confidential data, potentially enabling malicious users to exploit the data accessed. Proper security measures should be taken to mitigate this risk, including upgrading to a patched version and revising user permissions.

Affected Version(s)

Jenkins Storable Configs Plugin <= 1.0

References

https://www.jenkins.io/security/advisory/2020-09-16/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/09/16/3

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Dec 5, 2019