PT-2022-25751 · Jenkins · Jenkins WildFly Deployer Plugin
Daniel Beck · Published 2022-09-21 · Updated 2025-05-28
CVE-2022-41235
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier
Description
The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.318 and earlier, and LTS 2.303.2 and earlier.
Recommendations
For Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.
For Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, consider upgrading to a newer version to minimize the risk of exploitation.
Fix
Improper Access Control
Protection Mechanism Failure
Path traversal
Related Identifiers
Affected Products
Jenkins
Jenkins WildFly Deployer Plugin