CVE-2022-36890

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:deployer_framework:*:*:*:*:*:jenkins:*:*

History

21 Nov 2024, 07:14

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2022/07/27/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/07/27/1 - Mailing List, Third Party Advisory
References () https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2206 - Vendor Advisory () https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2206 - Vendor Advisory

22 Nov 2023, 21:09

Type Values Removed Values Added
CWE CWE-22

25 Oct 2023, 18:17

Type Values Removed Values Added
CWE CWE-22

Information

Published : 2022-07-27 15:15

Updated : 2024-11-21 07:14


NVD link : CVE-2022-36890

Mitre link : CVE-2022-36890

CVE.ORG link : CVE-2022-36890


JSON object : View

Products Affected

jenkins

  • deployer_framework
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')