CVE-2022-41235

MEDIUM6.5EPSS 0.30%

Jenkins WildFly Deployer Plugin vulnerable to path traversal

Published: 9/22/2022Modified: 5/28/2025

Description

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).

Affected packages (1)

Maven/org.jenkins-ci.plugins:wildfly-deployerfrom 0, <= 1.0.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-41235
PATCHhttps://github.com/jenkinsci/wildfly-deployer-plugin
WEBhttps://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645