Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Path traversal vulnerability in Jenkins Fortify Plugin

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories.

This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.

Jenkins Fortify Plugin 20.2.35 sanitizes the appName and appVersion parameters of its Pipeline steps when determining the resulting filename.
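The hardening the fix describes, sketched as an added Java example that is not the plugin's own code: the vulnerable shape builds a filename straight from the two parameters, while the hardened shape restricts each component to a conservative character set and then confirms the normalized result still lies directly inside the build directory. The allowlist, the `.xml` naming convention and the build path are constructed assumptions (a real plugin would take the directory from `Run.getRootDir()`); the plugin's actual sanitization rule is not documented here.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public final class FortifyResultPath {

    // Vulnerable shape (constructed illustration of the pre-20.2.35 behaviour):
    // the user-controlled parameters become path text without any sanitization.
    static Path unsanitized(Path buildDir, String appName, String appVersion) {
        return buildDir.resolve(appName + "-" + appVersion + ".xml");
    }

    // Hardened shape: sanitize each component, then verify the final path
    // resolves to a plain file inside buildDir and nowhere else.
    static Path sanitized(Path buildDir, String appName, String appVersion) {
        String file = clean(appName) + "-" + clean(appVersion) + ".xml";
        Path base = buildDir.toAbsolutePath().normalize();
        Path target = base.resolve(file).normalize();
        // Defense in depth: even though clean() removes separators, assert containment.
        if (!target.startsWith(base) || !base.equals(target.getParent())) {
            throw new IllegalArgumentException("parameter escapes build directory: " + file);
        }
        return target;
    }

    // Hypothetical allowlist: letters, digits, dot, underscore and hyphen; everything
    // else (including '/', '\\' and NUL) is replaced. Dot-only names such as ".." are refused.
    private static String clean(String s) {
        String out = s.replaceAll("[^A-Za-z0-9._-]", "_");
        if (out.isEmpty() || out.chars().allMatch(c -> c == '.')) {
            throw new IllegalArgumentException("unusable parameter value: " + s);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed build directory; the parameter values mimic a traversal attempt.
        Path build = Paths.get("/var/lib/jenkins/jobs/demo/builds/42");
        String name = "../../config", version = "1.0";
        System.out.println("unsanitized -> " + unsanitized(build, name, version).normalize());
        System.out.println("sanitized   -> " + sanitized(build, name, version));
    }
}
```

Running `main` shows the first path climbing out of the build directory while the second stays inside it with the separators neutralized.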

Permalink: https://github.com/advisories/GHSA-23h5-8ph6-7rfc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM2g1LThwaDYtN3JmY80sPQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 6 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-23h5-8ph6-7rfc, CVE-2022-25188
References: Repository: https://github.com/jenkinsci/fortify-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:fortify
Affected Version Ranges: < 20.2.35
Fixed in: 20.2.35