AI Score
Confidence
High
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Report Info Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "1.2",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]