Debian Package Builder Plugin up to 1.6.11 on Jenkins privilege escalation

A vulnerability has been found in Debian Package Builder Plugin up to 1.6.11 on Jenkins (Jenkins Plugin) and classified as critical. An unknown function is affected by this vulnerability. There is no information about possible countermeasures. It is suggested to replace the product with an equivalent.

| Field | 2022-01-13 06:46 | 2022-01-15 12:38 |
|---|---|---|
| name | Debian Package Builder Plugin | Debian Package Builder Plugin |
| version | <=1.6.11 | <=1.6.11 |
| platform | Jenkins | Jenkins |
| cwe | 78 (privilege escalation) | 78 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rc | C | C |
| url | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2546 | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2546 |
| cve | CVE-2022-23118 | CVE-2022-23118 |
| cve_assigned | 1641855600 | 1641855600 |
| date | 1642028400 (2022-01-13) | 1642028400 (2022-01-13) |
| type | Jenkins Plugin | Jenkins Plugin |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 5.2 | 5.2 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.5 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.5 |
| price_0day | $0-$5k | $0-$5k |

confirm_url: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2546

cve_nvd_summary: Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.