CVE-2022-43414

Опубликовано: 19 окт. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.

Ссылки

http://www.openwall.com/lists/oss-security/2022/10/19/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/19/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:nunit:*:*:*:*:*:jenkins:*:*

Версия до 0.28 (исключая)

EPSS

Процентиль: 76%

0.00962

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-552

Связанные уязвимости

GHSA-8cxw-wvhc-p4x4