CVE-2022-28148 org.jenkins-ci.plugins:ci-with-toad-edge

Package

Manager: maven
Name: org.jenkins-ci.plugins:ci-with-toad-edge
Vulnerable Version: >=0 <2.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00261 (percentile 0.49252)

Details

Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Metadata

Created: 2022-03-30T00:00:23Z
Modified: 2022-11-30T20:57:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-mc92-c859-jr66/GHSA-mc92-c859-jr66.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-mc92-c859-jr66
Finding: F063
Auto approve: 1