Lucene search
GoogleOSV:GHSA-29Q6-P2CG-4V23HistoryJun 24, 2022 - 12:00 a.m.
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
2022-06-2400:00:31
Google
osv.dev
74
0.001 Low
EPSS
Percentile
36.2%
Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata using the parameter name without sanitization as a relative path inside a build-related directory.
This allows attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
Pipeline: Input Step Plugin 449.v77f0e8b_845c4 prohibits use of file parameters for Pipeline input steps. Attempts to use them will fail Pipeline execution.
Related
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.9.54 (RHSA-2022:9110)
2024-04-28 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.33 (RHSA-2022:6531)
2023-01-23 00:00:00
RHCOS 4 : OpenShift Container Platform 4.9.54 (RHSA-2022:9110)
2024-01-24 00:00:00
redhat
redhat
nvd
nvd
CVE-2022-34177
2022-06-23 17:15:15
github
github
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
2022-06-24 00:00:31
veracode
veracode
Arbitrary File Write
2022-10-07 00:59:50
prion
prion
Design/Logic Flaw
2022-06-23 17:15:00
alpinelinux
alpinelinux
CVE-2022-34177
2022-06-23 17:15:15
redhatcve
redhatcve
CVE-2022-34177
2022-07-04 05:41:26
cnvd
cnvd
Jenkins Pipeline Plugin Arbitrary File Writing Vulnerability
2022-06-24 00:00:00
cve
cve
CVE-2022-34177
2022-06-23 17:15:15
cvelist
cvelist
CVE-2022-34177
2022-06-22 00:00:00