CVE-2022-23107

2022-01-1219:06:06

jenkins

www.cve.org

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

CNA Affected

[
  {
    "product": "Jenkins Warnings Next Generation Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "9.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "9.0.2"
      },
      {
        "status": "unaffected",
        "version": "9.5.2"
      },
      {
        "status": "unaffected",
        "version": "9.7.1"
      }
    ]
  }
]