[MAVEN:GHSA-23H5-8PH6-7RFC] Path traversal vulnerability in Jenkins Fortify Plugin
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName
and appVersion
parameters of its Pipeline steps, which are used to write to files inside build directories.
This allows attackers with Item/Configure permission to write or overwrite .xml
files on the Jenkins controller file system with content not controllable by the attacker.
Jenkins Fortify Plugin 20.2.35 sanitizes the appName
and appVersion
parameters of its Pipeline steps when determining the resulting filename.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/fortify | < 20.2.35 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/fortify | = 20.2.35 |
- ID
- MAVEN:GHSA-23H5-8PH6-7RFC
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-23h5-8ph6-7rfc
- Published
-
2022-02-16T00:01:27
(2 years ago) - Modified
-
2023-10-27T16:24:33
(10 months ago) - Rights
- Maven Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |