Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02NHE5LWYzOGgtOW13eM0sLg
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
Permalink: https://github.com/advisories/GHSA-64q9-f38h-9mwxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NHE5LWYzOGgtOW13eM0sLg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 6 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-64q9-f38h-9mwx, CVE-2022-25204
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25204
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
- https://github.com/advisories/GHSA-64q9-f38h-9mwx
Affected Packages
maven:by.dev.madhead.doktor:doktor
Affected Version Ranges: <= 0.4.1No known fixed version