CVE-2022-27208

CWE-22Path Traversal5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 25.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Kubernetes Continuous Deploy PluginJenkins Kubernetes Continuous Deploy
Timeline
PublishedMar 15
Latest updateMar 16

Description

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin2022-03-16
OSV
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin2022-03-16
CVEList
CVE-2022-27208: Jenkins Kubernetes Continuous Deploy Plugin 22022-03-15

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-03-152022-03-15
CVE-2022-27208 (MEDIUM CVSS 6.5) | Jenkins Kubernetes Continuous Deplo | cvebase.io