GHSA-cw5r-jx8r-9f7x

Опубликовано: 24 мая 2024

Источник: github

Github: Прошло ревью

CVSS4: 1.3

CVSS3: 4.3

Описание

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files.

Additionally, Report Info Plugin does not support distributed builds.

This results in a path traversal vulnerability, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.

As of publication of this advisory, there is no fix.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:report-info

maven

Затронутые версииВерсия исправления

<= 1.2

Отсутствует

EPSS

Процентиль: 38%

0.00171

Низкий

1.3 Low

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-5273

Дефекты

CWE-22

Связанные уязвимости

CVE-2024-5273

CVSS3: 4.3

nvd

больше 1 года назад

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.

EPSS

Процентиль: 38%

0.00171

Низкий

1.3 Low

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-5273

Дефекты

CWE-22