CVE-2022-25204 – by.dev.madhead.doktor:doktor
Package
Manager: maven
Name: by.dev.madhead.doktor:doktor
Vulnerable Version: >=0 <=0.4.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00619 (percentile: 0.69085)
Details
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
Metadata
Created: 2022-02-16T00:01:18Z
Modified: 2023-10-27T16:46:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-64q9-f38h-9mwx/GHSA-64q9-f38h-9mwx.json
CWE IDs: []
Alternative ID: GHSA-64q9-f38h-9mwx
Finding: F039
Auto approve: 1