CVE-2022-28148: The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
jenkins	bitbucket_server_integration_plugin	—	—
jenkins	complexity_scatter_plot_plugin	—	—
jenkins	continuous_integration_with_toad_edge	<= 2.3	—
jenkins	continuous_integration_with_toad_edge_plugin	—	—
jenkins	flaky_test_handler_plugin	—	—
jenkins	jenkins_core	—	—
jenkins	jiratestresultreporter_plugin	—	—
jenkins	job_and_node_ownership_plugin	—	—
jenkins	phoenix_autotest_plugin	—	—
jenkins	proxmox_plugin	—	—
jenkins	rocketchat_notifier_plugin	—	—
jenkins	sitemonitor_plugin	—	—
jenkins	some_reports_generated_by_this_plugin	—	—
jenkins	tests_selector_plugin	—	—
jenkins	windows_in_continuous_integration_with_toad_edge_plugin	—	—
jenkins_project	jenkins_continuous_integration_with_toad_edge_plugin	unspecified – 2.3	—