CVE-2022-30947: Path Traversal in Jenkins GIT

CWE-22: Path Traversal | 5 documents | 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 1.2% (top 21.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 17 | Latest update May 18

Description

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | jenkins_project/jenkins_git_plugin | unspecified | 4.11.1
NVD | jenkins/git | < 4.11.2

🔴 Vulnerability Details (3)

GHSA | Path traversal in Jenkins Git Mercurial and Repo Plugins | 2022-05-18
OSV | Path traversal in Jenkins Git Mercurial and Repo Plugins | 2022-05-18
CVEList | CVE-2022-30947: Jenkins Git Plugin 4 | 2022-05-17

📋 Vendor Advisories (1)

Jenkins | Jenkins Security Advisory 2022-05-17 | 2022-05-17