CVE-2020-2139

MEDIUM

Jenkins Cobertura < 1.16 - Arbitrary File Write via Coverage Report File

Title source: llm

Description

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

References (2)

Core References
Third Party Advisory, mailing list (x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2020/03/09/1

Scores

CVSS v3 6.5
EPSS 0.0523
EPSS Percentile 90.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
jenkins/cobertura < 1.15
org.jenkins-ci.plugins/cobertura 0 - 1.16 (Maven)
Published Mar 09, 2020
Tracked Since Feb 18, 2026