Описание
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Уязвимые конфигурации
Конфигурация 1Версия до 1.15 (исключая)
cpe:2.3:a:jenkins:semantic_versioning:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 62%
0.00425
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
EPSS
Процентиль: 62%
0.00425
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-611
CWE-611