GHSA-q6cq-8r4j-6rj5

GitHub Security Advisory

Jenkins MathWorks Polyspace Plugin vulnerable to arbitrary file read

✓ GitHub Reviewed MODERATE Has CVE

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier does not restrict the path of the attached files in Polyspace Notification post-build step.

This allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file system.

Maven com.mathworks.polyspace.jenkins:mathworks-polyspace

Affected versions: 0 (last affected: 1.0.5)

CVE-2023-37960

GHSA ID

GHSA-q6cq-8r4j-6rj5

Published

July 12, 2023 6:30 PM

Last Modified

July 12, 2023 10:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.mathworks.polyspace.jenkins:mathworks-polyspace

GitHub Reviewed

✓ Yes

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.