Описание
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
Пакеты
Наименование
org.jenkins-ci.plugins:scriptler
maven
Затронутые версииВерсия исправления
<= 342.v6a
Отсутствует
Связанные уязвимости
CVSS3: 8.1
nvd
около 2 лет назад
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.