CVE-2022-28157Path Traversal in Project Jenkins Pipeline Phoenix Autotest Plugin

CWE-22Path Traversal5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Pipeline Phoenix Autotest PluginJenkins Pipeline
Timeline
PublishedMar 29
Latest updateMar 30

Description

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin2022-03-30
GHSA
Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin2022-03-30
CVEList
CVE-2022-28157: Jenkins Pipeline: Phoenix AutoTest Plugin 12022-03-29

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-03-292022-03-29
CVE-2022-28157 — Path Traversal | cvebase