2 matches found
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
PT-2022-27483 · Jenkins +1 · Jenkins Pipeline Utility Steps Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Utility Steps Plugin versions 2.13.1 and earlier Description: The issue allows attackers who can configure Pipelines to read arbitrary files from the Jenkins controller file system. This is due to the lack of restriction on t...