45 matches found
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
Information disclosure
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
Design/Logic Flaw
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-36891
CVE-2022-36891 affects Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier. The root cause is a missing permission check in an HTTP endpoint, allowing attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. The vulnerability contex...
CVE-2022-36890
CVE-2022-36890 concerns the Jenkins Deployer Framework Plugin (85.v1d1888e8c021 and earlier). The issue is an unrestricted filename in methods implementing form validation, enabling attackers with Item/Read permission to determine the existence of an attacker-specified path on the Jenkins control...
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36889
CVE-2022-36889 affects Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier. The root cause is that the plugin does not restrict the application path when configuring a deployment, enabling attackers with Item/Configure permission to upload arbitrary files from the Jenkins cont...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
PT-2022-4017 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: The issue is related to the incorrect restriction of the application path when configuring a deployment, allowing attackers with Item/Configure permission to...
Jenkins Plugin Deployer Framework Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A path traversal...
Jenkins Plugin Deployer Framework Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-4031 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: A missing permission check in the Jenkins Deployer Framework Plugin allows attackers with Item/Read permission but without Deploy Now/Deploy permission to re...
org.jenkins-ci.plugins:cloudbees-deployer-plugin (=6.0) potentially affected by CVE-2020-2227 via org.jenkins-ci.plugins:deployer-framework (=1.0)
org.jenkins-ci.plugins:deployer-framework MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:deployer-framework and may be impacted: - org.jenkins-ci.plugins:cloudbees-deployer-plugin =6.0 Source cves: CVE-2020-22...
GHSA-CFVW-84VQ-43MX Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users abl...
Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users abl...