Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-23113

UNKNOWN
Published 2022-01-12T19:06:17
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-23113. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Publish Over SSH Plugin

Affected Versions:

unspecified next of 1.22

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Path traversal vulnerability in Jenkins Publish Over SSH Plugin

GHSA-j8rg-4hjm-8r95

Advisory Details

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

Affected Packages

Maven org.jenkins-ci.plugins:publish-over-ssh
ECOSYSTEM: ≥0 <1.23

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-23113
WEB https://github.com/jenkinsci/publish-over-ssh-plugin/commit/79f6598a17279125c476a29b21439ad3bd01e6c5
PACKAGE https://github.com/jenkinsci/publish-over-ssh-plugin
WEB https://github.com/jenkinsci/publish-over-ssh-plugin/releases/tag/publish-over-ssh-1.23
WEB https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307
WEB http://www.openwall.com/lists/oss-security/2022/01/12/6

Advisory provided by GitHub Security Advisory Database. Published: January 13, 2022, Modified: November 29, 2022

References

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307
http://www.openwall.com/lists/oss-security/2022/01/12/6
Published: 2022-01-12T19:06:17
Last Modified: 2024-10-15T17:14:13.043Z
Copied to clipboard!