CVE-2022-28148
Severity: 6.5 MEDIUM
EPSS: 0.4% (top 42.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 29
Latest update: Mar 30
Description
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA: Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin (2022-03-30)
OSV: Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin (2022-03-30)
CVEList: CVE-2022-28148: The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2 (2022-03-29)