Описание
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3 (включая)
Одновременно
cpe:2.3:a:jenkins:continuous_integration_with_toad_edge:*:*:*:*:*:jenkins:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00261
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
EPSS
Процентиль: 49%
0.00261
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22