CVE-2022-23113

2022-01-1219:06:17

jenkins

www.cve.org

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

CNA Affected

[
  {
    "product": "Jenkins Publish Over SSH Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.22",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.22",
        "versionType": "custom"
      }
    ]
  }
]