CVE-2022-30948

Severity: 7.5 HIGH
EPSS: 1.8% (top 17.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 17 | Latest update May 18

Description

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Affected versions
CVEListV5 | jenkins_project/jenkins_mercurial_plugin | unspecified to 2.16
NVD | jenkins/mercurial | < 2.16.1

🔴 Vulnerability Details (3)

OSV: Path traversal in Jenkins Mercurial Plugin | 2022-05-18
GHSA: Path traversal in Jenkins Mercurial Plugin | 2022-05-18
CVEList: CVE-2022-30948: Jenkins Mercurial Plugin 2 | 2022-05-17

📋 Vendor Advisories (2)

Jenkins: Jenkins Security Advisory 2022-05-17 | 2022-05-17
Red Hat: plugin: Mercurial SCM plugin can check out from the controller file system | 2022-05-17
CVE-2022-30948 (HIGH CVSS 7.5) | Jenkins Mercurial Plugin 2.16 and e | cvebase.io