[JENKINS:SECURITY-2525] Agent-to-controller security bypass in `squashtm-publisher` allows writing arbitrary files

Severity High

Affected Packages 2

CVEs 1

squashtm-publisher 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input.

This allows attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

As of publication of this advisory, there is no fix.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/squashtm-publisher	<= 1.0.0
pkg:github/jenkinsci/squashtm-publisher-plugin	<= 1.0.0

ID

JENKINS:SECURITY-2525

Severity

high

Published

2021-11-12T00:00:00
(2 years ago)

Modified

2021-11-12T00:00:00
(2 years ago)

Rights

Jenkins Security Team

Other Advisories

MAVEN:GHSA-H648-GJ34-5X4R

Source	# ID	Name	URL
Plugin repository		squashtm-publisher repository	https://github.com/jenkinsci/squashtm-publisher-plugin

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/squashtm-publisher	org.jenkins-ci.plugins	squashtm-publisher	<= 1.0.0
Affected	pkg:github/jenkinsci/squashtm-publisher-plugin	jenkinsci	squashtm-publisher-plugin	<= 1.0.0

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date