CloudBees Security Advisory 2017-03-08

This advisory announces a vulnerability in the Maven Pipeline Plugin.

Maven Pipeline Plugin allows reading arbitrary files from the Jenkins master

SECURITY-441

The Maven Pipeline Plugin 0.5 and older, as well as 2.0-beta-5 and older, allowed users to copy and read arbitrary files accessible to the Jenkins master process from a Pipeline script, by passing that file's path on the Jenkins master as the mavenSettingsFilePath or globalMavenSettingsFilePath parameter.

Severity

  • SECURITY-441 is considered high.

Fix

  • Users of Maven Pipeline Plugin should update it to version 0.6 or newer, or version 2.0-beta-6 or newer.