Lucene search
JenkinsCVELIST:CVE-2022-45381HistoryNov 15, 2022 - 12:00 a.m.
CVE-2022-45381
2022-11-1500:00:00
jenkins
www.cve.org
1
jenkins
pipeline
utility
steps
plugin
arbitrary file reading
cve-2022-45381
apache commons configuration
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the ‘file:’ prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins Pipeline Utility Steps Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
prion
prion
Default configuration
2022-11-15 20:15:00
osv
osv
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
redhatcve
redhatcve
CVE-2022-45381
2022-11-16 02:56:17
cve
cve
CVE-2022-45381
2022-11-15 20:15:11
nvd
nvd
CVE-2022-45381
2022-11-15 20:15:11
veracode
veracode
Arbitrary File Read
2023-03-07 00:49:53
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-04-28 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-11-15)
2023-08-04 00:00:00
redhat
redhat