CVE-2022-36889
published 2022-07-27CVE-2022-36889: Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | android_signing_plugin | — | — |
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_code_pipeline_operations_plugin | — | — |
| jenkins | buckminster_plugin | — | — |
| jenkins | clif_performance_testing_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | deployer_framework | <= 85.v1d1888e8c021 | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | files_found_trigger_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | google_cloud_backup_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | http_request_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_git_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |