GHSA-8CXW-WVHC-P4X4 Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller...

Agent-to-controller security bypass in Jenkins xUnit Plugin

xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn’t exist, and parsing files inside it as test results. This allows attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to...

CVE-2022-28156

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace...

PT-2022-18855 · Jenkins · Jenkins Pipeline: Phoenix Autotest Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Phoenix AutoTest Plugin versions 1.3 and earlier Description: The issue allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace...