CVE-2022-41231

CWE-22Path Traversal5 documents5 sources
Severity
5.7MEDIUM
EPSS
0.1%
top 79.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Build-publisher PluginJenkins Build-publisher
Timeline
PublishedSep 21
Latest updateSep 22

Description

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_build-publisher_pluginunspecified1.22

🔴Vulnerability Details

3
OSV
Path traversal in Jenkins build-publisher Plugin2022-09-22
GHSA
Path traversal in Jenkins build-publisher Plugin2022-09-22
CVEList
CVE-2022-41231: Jenkins Build-Publisher Plugin 12022-09-21

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-09-212022-09-21
CVE-2022-41231 (MEDIUM CVSS 5.7) | Jenkins Build-Publisher Plugin 1.22 | cvebase.io