CVE-2022-27203

CWE-22 — Path Traversal5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.8%

top 26.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Extended Choice Parameter Plugin Jenkins Extended Choice Parameter

Timeline

PublishedMar 15

Latest updateMar 16

Description

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:extended-choice-parameter346.vd87693c5a

▶CVEListV5jenkins_project/jenkins_extended_choice_parameter_pluginunspecified — 346.vd87693c5a_86c

▶NVDjenkins/extended_choice_parameter346.vd87693c5a_86c

🔴Vulnerability Details

GHSA

Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin↗2022-03-16

▶

OSV

Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin↗2022-03-16

▶

CVEList

CVE-2022-27203: Jenkins Extended Choice Parameter Plugin 346↗2022-03-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-03-15↗2022-03-15

▶