[MAVEN:GHSA-8QH4-FGHR-6FXG] Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-oauth-plugin | <= 0.9 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-oauth-plugin | = 0.10 |
- ID
- MAVEN:GHSA-8QH4-FGHR-6FXG
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-8qh4-fghr-6fxg
- Published
-
2022-05-24T16:58:49
(2 years ago) - Modified
-
2023-01-27T05:02:38
(20 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/google-oauth-plugin | org.jenkins-ci.plugins | google-oauth-plugin | <= 0.9 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/google-oauth-plugin | org.jenkins-ci.plugins | google-oauth-plugin | = 0.10 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |