CVE-2022-29051

Missing Authorization in maven/org.jenkins-ci.plugins/publish-over-ftp

Identifiers

GHSA-5pv7-hx9m-8jh3, CVE-2022-29051

Package Slug

maven/org.jenkins-ci.plugins/publish-over-ftp

Vulnerability

Missing Authorization

Description

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.

Affected Versions

All versions before 1.17

Solution

Upgrade to version 1.17 or above.

Last Modified

2022-05-06

source