{"id":"CVE-2019-16540","details":"A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.","aliases":["GHSA-2cxg-448h-4wxj"],"modified":"2026-04-11T20:52:35.893967Z","published":"2019-11-21T15:15:14.167Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/11/21/1"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/support-core-plugin","events":[{"introduced":"0"},{"last_affected":"48a5197f74239709e80c3ae5528f22ccb3f4238d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.63"}],"cpe":"cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*","source":"CPE_FIELD"}}],"versions":["support-core-1.0","support-core-1.1","support-core-1.2","support-core-1.3","support-core-1.4","support-core-1.5","support-core-1.6","support-core-1.7","support-core-1.8","support-core-2.0","support-core-2.1","support-core-2.10","support-core-2.11","support-core-2.12","support-core-2.13","support-core-2.14","support-core-2.15","support-core-2.16","support-core-2.17","support-core-2.18","support-core-2.19","support-core-2.2","support-core-2.20","support-core-2.21","support-core-2.22","support-core-2.23","support-core-2.24","support-core-2.25","support-core-2.27","support-core-2.28","support-core-2.29","support-core-2.3","support-core-2.30","support-core-2.31","support-core-2.32","support-core-2.33","support-core-2.34","support-core-2.35","support-core-2.36","support-core-2.37","support-core-2.38","support-core-2.39","support-core-2.4","support-core-2.40","support-core-2.41","support-core-2.42","support-core-2.43","support-core-2.44","support-core-2.45","support-core-2.45.1","support-core-2.46","support-core-2.47","support-core-2.48","support-core-2.49","support-core-2.5","support-core-2.50","support-core-2.51","support-core-2.52","support-core-2.53","support-core-2.54","support-core-2.55","support-core-2.56","support-core-2.57","support-core-2.58","support-core-2.59","support-core-2.6","support-core-2.60","support-core-2.61","support-core-2.62","support-core-2.63","support-core-2.63-alpha","support-core-2.7","support-core-2.8","support-core-2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16540.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}