GHSA-fwxq-3f52-5cmc

Опубликовано: 27 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 4.3

Описание

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter.

This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

Filesystem List Parameter Plugin 0.0.15 ensures that paths used by the File system objects list Parameter are restricted to an allow list, with the default base directory set to $JENKINS_HOME/userContent/. The allow list can be configured to include additional custom base directories.

Ссылки

Пакеты

Наименование

aendter.jenkins.plugins:filesystem-list-parameter-plugin

maven

Затронутые версииВерсия исправления

< 0.0.15

0.0.15

EPSS

Процентиль: 71%

0.00693

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-54004

Дефекты

CWE-22

Связанные уязвимости

CVE-2024-54004

CVSS3: 4.3

nvd

около 1 года назад

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

EPSS

Процентиль: 71%

0.00693

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-54004

Дефекты

CWE-22