PT-2022-4037 · Jenkins · Jenkins Deployer Framework Plugin

Daniel Beck · Published 2022-07-27 · Updated 2023-11-22 · CVE-2022-36890

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier
Description: The issue is an improper restriction of a pathname to a restricted directory (path traversal). Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information: attackers with Item/Read permission can check for the existence of an attacker-specified file path on the Jenkins controller file system, because the methods implementing form validation do not restrict the file names they accept.
Recommendations: For Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier, update to version 86.v7ba4a55bf3ec or later, which ensures that only files contained inside the expected directory can be accessed.
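A form-validation method hardened in the way the recommendation describes, as an added example (not the plugin's own code): the descriptor class, the `baseDir` field and the required permission are assumptions. It checks a permission stronger than Item/Read before touching the file system, and only reports on paths that normalize to a location inside the expected directory.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;

import java.io.File;
import java.nio.file.Path;

// Hypothetical descriptor; stands in for whatever class hosts the doCheck method.
public class DeployerSourceDescriptor {
    // Assumed directory that deployable files are expected to live in.
    private final Path baseDir;

    public DeployerSourceDescriptor(File baseDir) {
        this.baseDir = baseDir.toPath().toAbsolutePath().normalize();
    }

    /** Returns the resolved path if it stays inside baseDir, otherwise null. */
    Path resolveInside(String userPath) {
        if (userPath == null || userPath.trim().isEmpty()) {
            return null;
        }
        // resolve() keeps an absolute user path as-is; normalize() collapses
        // "." and ".." segments, so a traversal sequence cannot escape baseDir.
        Path resolved = baseDir.resolve(userPath.trim()).normalize();
        // startsWith compares whole path components, so "/base/dir-other" is
        // not treated as being inside "/base/dir". Symlinks are not followed
        // here; use toRealPath() on both sides if that matters for your setup.
        return resolved.startsWith(baseDir) ? resolved : null;
    }

    public FormValidation doCheckFilePath(@QueryParameter String value) {
        // Validation that reveals file-system state must not be reachable
        // with Item/Read alone; Administer is used here as an assumption.
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        Path p = resolveInside(value);
        if (p == null) {
            // Same message whether the path was empty or outside baseDir,
            // so the response leaks nothing about files elsewhere.
            return FormValidation.error("Path must be inside " + baseDir);
        }
        if (!p.toFile().exists()) {
            return FormValidation.warning("File does not exist yet");
        }
        return FormValidation.ok();
    }
}
```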

Fix

Path traversal


Weakness Enumeration

Related Identifiers

BDU:2022-04870
CVE-2022-36890
GHSA-HGP9-2C4W-X9MH

Affected Products

Jenkins
Jenkins Deployer Framework Plugin