Security Advisories

Jenkins Security Advisory2017-03-08

This advisory announces vulnerabilities in 

,

and

CloudBees CI

This advisory announces a vulnerability in the Maven Pipeline Plugin.

Maven Pipeline Plugin allows reading arbitrary files from the Jenkins master

SECURITY-441

The Maven Pipeline Plugin 0.5 and older, as well as 2.0-beta-5 and older, allowed users to copy and read arbitrary files accessible from the Jenkins master process in a Pipeline script by specifying that file's path on the Jenkins master as mavenSettingsFilePath or globalMavenSettingsFilePath.

Severity

  • SECURITY-441 is considered high .

Fix

  • Users of Maven Pipeline Plugin should update it to version 0.6 or newer, or version 2.0-beta-6 or newer.

Subscription confirmed

You'll now be notified automatically when new vulnerabilities
are disclosed