Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.9 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS6.8AI score0.01453EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/10/07 12:0 a.m.69 views

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.15 / 2.346.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2022-07-27)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.15, or 2.x prior to 2.346.2.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery CSRF vulnerability in Jenki...

8.8CVSS6.3AI score0.05563EPSS
Exploits0References43
vulnersOsv
vulnersOsv
added 2022/07/28 12:0 a.m.6 views

org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2022-36889 via org.jenkins-ci.plugins:deployer-framework (=1.0)

org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves:...

8.8CVSS7.2AI score0.01453EPSS
Exploits0
NVD
NVD
added 2022/07/27 3:15 p.m.33 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS0.01453EPSS
Exploits0References2
CVE
CVE
added 2022/07/27 2:22 p.m.101 views

CVE-2022-36889

CVE-2022-36889 affects Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier. The root cause is that the plugin does not restrict the application path when configuring a deployment, enabling attackers with Item/Configure permission to upload arbitrary files from the Jenkins cont...

8.8CVSS8.6AI score0.01453EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/07/27 2:22 p.m.38 views

CVE-2022-36889

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...

8.8CVSS4.5AI score0.01453EPSS
Exploits0References2
Rows per page
Query Builder