CVE-2022-25188 in Fortify Plugin
الملخص
بحسب MITRE • 15/02/2022
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.