Jenkins directory traversal vulnerability

2022-05-1701:26:47

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-coreeq1.500
org.jenkins-ci.main:jenkins-coreeq1.488
org.jenkins-ci.main:jenkins-coreeq1.442
org.jenkins-ci.main:jenkins-coreeq1.424
org.jenkins-ci.main:jenkins-coreeq1.510
org.jenkins-ci.main:jenkins-coreeq1.456
org.jenkins-ci.main:jenkins-coreeq1.509.4
org.jenkins-ci.main:jenkins-coreeq1.498
org.jenkins-ci.main:jenkins-coreeq1.429
org.jenkins-ci.main:jenkins-coreeq1.447

Name	Operator	Version
org.jenkins-ci.main:jenkins-core	eq	1.500
org.jenkins-ci.main:jenkins-core	eq	1.488
org.jenkins-ci.main:jenkins-core	eq	1.442
org.jenkins-ci.main:jenkins-core	eq	1.424
org.jenkins-ci.main:jenkins-core	eq	1.510
org.jenkins-ci.main:jenkins-core	eq	1.456
org.jenkins-ci.main:jenkins-core	eq	1.509.4
org.jenkins-ci.main:jenkins-core	eq	1.498
org.jenkins-ci.main:jenkins-core	eq	1.429
org.jenkins-ci.main:jenkins-core	eq	1.447