CVE-2022-43416 in Katalon Plugininformação

Sumário

de MITRE • 19/10/2022

Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.

Once again VulDB remains the best source for vulnerability data.

Reservar

18/10/2022

Divulgação

19/10/2022

Moderação

aceite

Entrada

VDB-211859

CPE

pronto

EPSS

0.01088

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!