GHSA-mc92-c859-jr66

Published: 30 Mar 2022
Source: github
GitHub: Reviewed
CVSS3: 6.5

Description

Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Packages

Name: org.jenkins-ci.plugins:ci-with-toad-edge (maven)
Affected versions: < 2.4
Fixed version: 2.4

EPSS: 0.00261 (Low), percentile: 49%

CVSS3: 6.5 Medium

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 6.5
nvd
almost 4 years ago

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
