Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
{ "nvd_published_at": "2019-05-21T13:29:00Z", "cwe_ids": [ "CWE-200", "CWE-538" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-06-28T23:09:37Z" }