CVE-2022-45388

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.jenkins-ci.main/config-rotator

Identifiers

GHSA-9pqq-h9qv-28fp, CVE-2022-45388

Package Slug

maven/org.jenkins-ci.main/config-rotator

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

Affected Versions

Version 2.0.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-11-22
