Описание
Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be used to effectively list the Jenkins controller file system.
As of publication of this advisory, there is no fix.
Пакеты
org.jenkins-ci.plugins:repository-connector
<= 2.2.0
Отсутствует
Связанные уязвимости
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Уязвимость плагина Jenkins Repository Connector Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию о файловой системе