CVE-2022-41231

Name of the Vulnerable Software and Affected Versions Jenkins Build-Publisher Plugin versions 1.22 and earlier

Description The issue allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. This endpoint is also vulnerable to cross-site request forgery (CSRF) attacks, which can result in any config.xml file being replaced with an empty file.

Recommendations For Jenkins Build-Publisher Plugin versions 1.22 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.