Lucene search
JenkinsVULNRICHMENT:CVE-2024-5273HistoryMay 24, 2024 - 1:46 p.m.
CVE-2024-5273
2024-05-2413:46:09
jenkins
github.com
1
jenkins
report info plugin
path validation
workspace directory
surefire failures
pmd violations
findbugs bugs
checkstyle errors
controller file system
editing workspace path
cve-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Report Info Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "1.2",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-5273
2024-05-24 14:15:17
veracode
veracode
Path Traversal
2024-06-14 08:21:21
cvelist
cvelist
CVE-2024-5273
2024-05-24 13:46:09
github
github
Jenkins Report Info Plugin Path Traversal vulnerability
2024-05-24 18:52:08
nvd
nvd
CVE-2024-5273
2024-05-24 14:15:17
osv
osv
Jenkins Report Info Plugin Path Traversal vulnerability
2024-05-24 18:52:08
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-05-24)
2024-05-24 00:00:00
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-5273