Lucene search
HistorySep 21, 2022 - 4:15 p.m.
CVE-2022-41231
cve-2022-41231
jenkins
build-publisher plugin
api endpoint
security vulnerability
nvd
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.9%
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.
Affected configurations
Node
jenkinsbuild-publisherRange≤1.22jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:build-publisher | jenkins build-publisher | le | 1.22 |
CNA Affected
[
{
"product": "Jenkins Build-Publisher Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22",
"versionType": "custom"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2022-41231
2022-09-21 16:15:10
osv
osv
CVE-2022-41231
2022-09-21 16:15:10
Path traversal in Jenkins build-publisher Plugin
2022-09-22 00:00:28
prion
prion
Design/Logic Flaw
2022-09-21 16:15:00
github
github
Path traversal in Jenkins build-publisher Plugin
2022-09-22 00:00:28
cvelist
cvelist
CVE-2022-41231
2022-09-21 15:45:51
nessus
nessus
Jenkins weekly < 2.370 Multiple Vulnerabilities
2022-10-07 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
2022-10-07 00:00:00
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.9%
Related for CVE-2022-41231