CVE-2022-36890

🗓️ 27 Jul 2022 14:22:40Reported by jenkinsType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 89 Views

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-36890	27 Jul 202215:15	–	attackerkb
AlpineLinux	CVE-2022-36890	27 Jul 202214:22	–	alpinelinux
Tenable Nessus	Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.15 / 2.346.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2022-07-27)	7 Oct 202200:00	–	nessus
CNNVD	Jenkins Plugin Deployer Framework 路径遍历漏洞	27 Jul 202200:00	–	cnnvd
Cvelist	CVE-2022-36890	27 Jul 202214:22	–	cvelist
EUVD	EUVD-2022-6349	3 Oct 202520:07	–	euvd
Github Security Blog	Jenkins Deployer Framework Plugin vulnerable to Path Traversal	28 Jul 202200:00	–	github
NVD	CVE-2022-36890	27 Jul 202215:15	–	nvd
OSV	CVE-2022-36890	27 Jul 202215:15	–	osv
OSV	GHSA-HGP9-2C4W-X9MH Jenkins Deployer Framework Plugin vulnerable to Path Traversal	28 Jul 202200:00	–	osv

NVD

Node

jenkins deployer_frameworkRange≤85.v1d1888e8c021jenkins

[
  {
    "product": "Jenkins Deployer Framework Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "85.v1d1888e8c021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "1.3.1"
      }
    ]
  }
]