Описание
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
Пакеты
Наименование
org.jvnet.hudson.plugins:storable-configs-plugin
maven
Затронутые версииВерсия исправления
<= 1.0
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.