CVE-2020-2139

CVSS v3.1 6.5 (Medium)

CVSS v2.0 8.5 (High)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 2

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-03-09 16:15:13
(4 years ago)
Updated Date: 2023-10-25 18:16:31
(10 months ago)

Affected Products

Jenkins

Cobertura

Configuration #1

		CPE23	From	Up To
	Jenkins Cobertura for Jenkins 1.15 and prior versions	cpe:2.3:a:jenkins:cobertura::::::jenkins		<= 1.15