CVE-2022-43414

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins NUnit Plugin versions 0.27 and earlier

Description The issue allows attackers who can control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. This is due to the implementation of an agent-to-controller message that parses files inside a user-specified directory as test results.

Recommendations For Jenkins NUnit Plugin versions 0.27 and earlier, update to version 0.28 or later, which changes the message type from agent-to-controller to controller-to-agent, preventing execution on the controller.

Fix

Protection Mechanism Failure

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-552

Related Identifiers

CVE-2022-43414

GHSA-8CXW-WVHC-P4X4

Affected Products

Jenkins

Jenkins Junit Plugin

CVE-2022-43414

Weakness Enumeration

Related Identifiers

Affected Products

References · 8