CVE-2022-23118
maven/ru.yandex.jenkins.plugins.debuilder/debian-package-builder
Improper Privilege Management
Jenkins Debian Package Builder Plugin implements functionality that allows agents to invoke command-line git
at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
All versions up to 1.6.11
Unfortunately, there is no solution available yet.
2022-01-21
source |