Back to search
CVE-2022-27201
Published: Mar 15, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins Semantic Versioning Plugin | affected unspecified - <= 1.13 |
References
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124
x_refsource_CONFIRM
[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now