Arbitrary File Read Affecting org.jenkins-ci.plugins:subversion package, versions [,1.54)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-32331
- published 29 May 2018
- disclosed 20 Nov 2013
- credit Lennart Starr
Introduced: 20 Nov 2013
CVE-2013-6372 Open this link in a new tabHow to fix?
Upgrade org.jenkins-ci.plugins:subversion
to version 1.54 or higher.
Overview
org.jenkins-ci.plugins:subversion Provides Jenkins integration with Apache Subversion.
Affected versions of this package are vulnerable to Arbitrary File Read. It stores credentials using base64
encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials
file.