Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tYzkyLWM4NTktanI2Ns02nQ
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
Permalink: https://github.com/advisories/GHSA-mc92-c859-jr66JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tYzkyLWM4NTktanI2Ns02nQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-mc92-c859-jr66, CVE-2022-28148
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-28148
- https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654
- http://www.openwall.com/lists/oss-security/2022/03/29/1
- https://github.com/advisories/GHSA-mc92-c859-jr66
Affected Packages
maven:org.jenkins-ci.plugins:ci-with-toad-edge
Affected Version Ranges: < 2.4Fixed in: 2.4