• Published Date: Wed 16 Sep 2020
  • Last Modified Date: Fri 18 Sep 2020

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.

References (Advisories, Solutions, and Tools):

Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD