[MAVEN:GHSA-PXGQ-GQR9-5GWX] Path traversal vulnerability in Jenkins agent names

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allow users with Agent/Configure permission to choose agent names that cause Jenkins to overwrite unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart.

Jenkins 2.275, LTS 2.263.2 ensures that agent names must also be valid item names, which prevents this problem.

In case of problems, this change can be reverted by setting the Java system property jenkins.model.Nodes.enforceNameRestrictions to false.
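An added checker, not code from the advisory or the Jenkins project, that applies the two points above: it tests whether a jenkins-core version falls inside the affected ranges listed on this page, and it applies item-name rules to agent names the way the fix does. The rejected character set is an assumption modelled on Jenkins's item-name validation; confirm it against your core version.

```python
import re

# Affected ranges from this advisory's package table (lower inclusive, upper exclusive):
# weekly >= 2.264 < 2.275, and everything < 2.263.2 (weekly 2.263 and older, LTS 2.263.1 and older).
AFFECTED_RANGES = [
    ((2, 264), (2, 275)),
    (None, (2, 263, 2)),
]

# Assumption: the characters Jenkins rejects in item names; verify against your core version.
UNSAFE_CHARS = set("?*/\\%!@#$^&|<>[]:;")


def parse_version(text):
    """'2.263.1' -> (2, 263, 1); tuples compare the way Jenkins version strings order."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version_text):
    """True if this jenkins-core version lies in either affected range of the advisory."""
    v = parse_version(version_text)
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return True
    return False


def is_valid_agent_name(name):
    """Apply item-name rules to an agent name, as 2.275 / 2.263.2 do.

    Rejects empty names, '.' and '..', ISO control characters and the unsafe set
    above, so the name can only resolve to a directory of its own under the
    nodes folder rather than to another config.xml.
    """
    if not name or name.strip() in (".", ".."):
        return False
    for ch in name:
        code = ord(ch)
        if ch in UNSAFE_CHARS or code < 32 or 127 <= code <= 159:
            return False
    return True


def audit_agent_names(names):
    """Return the configured names that only the pre-fix behaviour would have accepted."""
    return [n for n in names if not is_valid_agent_name(n)]
```

Run `audit_agent_names` over the names from your existing nodes directory before upgrading to see which agents the enforced restriction (or the jenkins.model.Nodes.enforceNameRestrictions property) will affect.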

ID
MAVEN:GHSA-PXGQ-GQR9-5GWX
Severity
high
URL
https://github.com/advisories/GHSA-pxgq-gqr9-5gwx
Published
2022-05-24T17:39:13
Modified
2023-12-22T13:36:56
Rights
Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core >= 2.264 < 2.275
Fixed pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core = 2.275
Affected pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core < 2.263.2
Fixed pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core = 2.263.2