QwikSec

Security Database

CVE

CWE

Training

CVE-2022-30948

Published: May 17, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Vendor	Product	Versions
Jenkins project	Jenkins Mercurial Plugin	affected `unspecified - <= 2.16` unaffected `2.15.1`

References

https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478

x_refsource_CONFIRM

[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.