CVE-2022-41235

MEDIUM6.5EPSS 0.30%

Jenkins WildFly Deployer Plugin vulnerable to path traversal

發布日:2022/9/22修改日:2025/5/28

描述

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).

受影響套件(1)

Maven/org.jenkins-ci.plugins:wildfly-deployerfrom 0, <= 1.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-41235
PATCHhttps://github.com/jenkinsci/wildfly-deployer-plugin
WEBhttps://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645