Lucene search
HistorySep 21, 2022 - 4:15 p.m.
CVE-2022-41235
cve-2022-41235
jenkins
wildfly deployer plugin
file read vulnerability
security issue
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.5%
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Affected configurations
Node
jenkinswildfly_deployerRange≤1.0.2jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:wildfly_deployer | jenkins wildfly deployer | le | 1.0.2 |
CNA Affected
[
{
"product": "Jenkins WildFly Deployer Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.2",
"versionType": "custom"
}
]
}
]Social References
More
Related
osv
osv
Jenkins WildFly Deployer Plugin vulnerable to path traversal
2022-09-22 00:00:28
nvd
nvd
CVE-2022-41235
2022-09-21 16:15:10
cvelist
cvelist
CVE-2022-41235
2022-09-21 15:45:55
prion
prion
Design/Logic Flaw
2022-09-21 16:15:00
github
github
Jenkins WildFly Deployer Plugin vulnerable to path traversal
2022-09-22 00:00:28
nessus
nessus
Jenkins weekly < 2.370 Multiple Vulnerabilities
2022-10-07 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
2022-10-07 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.5%
Related for CVE-2022-41235