Lucene search
PRIOn knowledge basePRION:CVE-2022-45381HistoryNov 15, 2022 - 8:15 p.m.
Default configuration
2022-11-1520:15:00
PRIOn knowledge base
www.prio-n.com
6
jenkins
pipeline
security
apache commons configuration
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the ‘file:’ prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pipeline_utility_steps | lt | 2.13.2 |
Related
cvelist
cvelist
CVE-2022-45381
2022-11-15 00:00:00
github
github
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
veracode
veracode
Arbitrary File Read
2023-03-07 00:49:53
cve
cve
CVE-2022-45381
2022-11-15 20:15:11
nvd
nvd
CVE-2022-45381
2022-11-15 20:15:11
redhatcve
redhatcve
CVE-2022-45381
2022-11-16 02:56:17
osv
osv
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-11-15)
2023-08-04 00:00:00
redhat
redhat