A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web frameworks org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jenkins | Jenkins | * | 2.121.1 (including) |
Jenkins | Jenkins | 2.122 (including) | 2.132 (including) |