| |
Vulnerability CVE-2022-25204
Published: 2022-02-15
| Description: |
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. |
Type:
NVD-CWE-noinfo
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.5/10 |
4.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
