Описание
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1880456jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
CVSS3: 5.3
github
больше 3 лет назад
Path traversal vulnerability in Blue Ocean Plugin
6.5 Medium
CVSS3