CVE-2022-27201 in Semantic Versioning Plugininformação

Sumário

de MITRE • 15/03/2022

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

15/03/2022

Divulgação

15/03/2022

Moderação

aceite

Entrada

VDB-195175

CPE

pronto

EPSS

0.01314

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!