CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. (CVSS:5.0) (Last Update:2022-06-29)Latest security vulnerabilities (Directory Traversal) (CVSS score >= 4) 

​   

More To Explore

ZERO Days Security

Pwn2Own Returns to Miami Beach for 2023

¡Bienvenidos de nuevo a Miami! Even as we make our final preparations for our consumer-focused contest in Toronto, we’re already looking ahead to warmer climes

Do You Want To Secure Your Business?

drop us a line and keep in touch

Cyber Security Automation
Generated by Feedzy