CVE-2022-41231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.jenkins-ci.plugins/build-publisher

Identifiers

CVE-2022-41231

Package Slug

maven/org.jenkins-ci.plugins/build-publisher

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

Affected Versions

All versions up to 1.22

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-23
