Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mN2ZxLXdwMngtamMyNc4AAu-h
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.
Permalink: https://github.com/advisories/GHSA-f7fq-wp2x-jc25
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mN2ZxLXdwMngtamMyNc4AAu-h
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-f7fq-wp2x-jc25, CVE-2022-41235
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-41235
- https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645
- https://github.com/advisories/GHSA-f7fq-wp2x-jc25
Affected Packages
maven:org.jenkins-ci.plugins:wildfly-deployer
Affected Version Ranges: <= 1.0.2
No known fixed version