Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.

Affected Packages

Maven by.dev.madhead.doktor:doktor

Affected versions: 0 (last affected: 0.4.1)

Related CVEs

CVE-2022-25204

Key Information

GHSA ID

GHSA-64q9-f38h-9mwx

Published

February 16, 2022 12:01 AM

Last Modified

October 27, 2023 4:46 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

by.dev.madhead.doktor:doktor

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.