PT-2022-17143 · Jenkins · Jenkins Doktor Plugin+1
Daniel Beck · Published 2022-02-15 · Updated 2023-11-03
CVE-2022-25204
CVSS v2.0: 5.5 (Medium), vector AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Doktor Plugin version 0.4.1 and earlier
Description
The issue allows attackers who can control agent processes to determine whether a file with a given name exists on the controller, by exploiting the functionality that renders files as Markdown or Asciidoc and analyzing error messages.
Recommendations
At the moment, there is no information about a newer version of Jenkins Doktor Plugin that contains a fix for this vulnerability in version 0.4.1 and earlier.
Related Identifiers
Affected Products
Jenkins
Jenkins Doktor Plugin