Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Jenkins File System SCM Plugin by Jenkins project
CVE-2019-10375 (GCVE-0-2019-10375)
Vulnerability from cvelistv5 – Published: 2019-08-07 14:20 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/08/07/1 | mailing-listx_refsource_MLIST |
| https://jenkins.io/security/advisory/2019-08-07/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins File System SCM Plugin |
Affected:
2.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:20.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins File System SCM Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:48:24.298Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins File System SCM Plugin",
"version": {
"version_data": [
{
"version_value": "2.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10375",
"datePublished": "2019-08-07T14:20:24.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:20.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10375 (GCVE-0-2019-10375)
Vulnerability from nvd – Published: 2019-08-07 14:20 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/08/07/1 | mailing-listx_refsource_MLIST |
| https://jenkins.io/security/advisory/2019-08-07/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins File System SCM Plugin |
Affected:
2.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:20.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins File System SCM Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:48:24.298Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins File System SCM Plugin",
"version": {
"version_data": [
{
"version_value": "2.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
},
{
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10375",
"datePublished": "2019-08-07T14:20:24.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:20.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}