CVE-2022-25204: Protection Mechanism Failure in Jenkins Doktor Plugin

February 16, 2022 (updated March 1, 2022)

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.

References

github.com/advisories/GHSA-64q9-f38h-9mwx
nvd.nist.gov/vuln/detail/CVE-2022-25204
www.jenkins.io/security/advisory/2022-02-15/

Detect and mitigate CVE-2022-25204 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →