CVE-2019-10375
MEDIUMJenkins File System SCM Plugin <2.1 - Info Disclosure
Title source: llmDescription
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/08/07/1
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569
Scores
CVSS v3
6.5
EPSS
0.0027
EPSS Percentile
50.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
hudson.plugins.filesystem_scm/filesystem_scm
0Maven
jenkins/file_system_scm
< 2.1
Published
Aug 07, 2019
Tracked Since
Feb 18, 2026