12 matches found
CVE-2022-45388
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...
GHSA-9PQQ-H9QV-28FP Jenkins Config Rotator Plugin vulnerable to path traversal
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. Currently there is no known workaround and no fix available...
Jenkins Config Rotator Plugin vulnerable to path traversal
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. Currently there is no known workaround and no fix available...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...
CVE-2022-45388
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...
CVE-2022-45388
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...
Design/Logic Flaw
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...
PT-2022-27490 · Jenkins · Jenkins Config Rotator Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config Rotator Plugin versions 2.0.1 and earlier Description: The issue allows unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system due to a lack of restriction on a file name...
Jenkins Plugin Config Rotator 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A path traversal...
CVE-2022-45388
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...
CVE-2022-45388
CVE-2022-45388 affects Jenkins Config Rotator Plugin (versions 2.0.1 and earlier). The issue is an unrestricted file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with a .xml extension on the Jenkins controller filesystem. Publicly available ...
CVE-2022-45388
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...