Lucene search
Veracode Vulnerability DatabaseVERACODE:39572HistoryMar 07, 2023 - 12:49 a.m.
Arbitrary File Read
2023-03-0700:49:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
jenkins
arbitrary file read
vulnerability
apache commons configuration
file system
0.001 Low
EPSS
Percentile
39.7%
jenkins-2-plugins is vulnerable to Arbitrary File Read. The library does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons configuration library that enable the file: prefix interpolator by default, allowing attackers to configure pipelines to read arbitrary files from the Jenkins controller file system.
References
www.openwall.com/lists/oss-security/2022/11/15/4
access.redhat.com/errata/RHSA-2023:0777
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=2143089
docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949
Related
cvelist
cvelist
CVE-2022-45381
2022-11-15 00:00:00
github
github
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
cve
cve
CVE-2022-45381
2022-11-15 20:15:11
prion
prion
Default configuration
2022-11-15 20:15:00
osv
osv
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
2022-11-16 12:00:22
redhatcve
redhatcve
CVE-2022-45381
2022-11-16 02:56:17
nvd
nvd
CVE-2022-45381
2022-11-15 20:15:11
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
2024-01-24 00:00:00
redhat
redhat