CVE-2022-30947 org.jenkins-ci.plugins:mercurial

Package

Manager: maven
Name: org.jenkins-ci.plugins:mercurial
Vulnerable Version: >=0 <2.16.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01568 (percentile 0.80834)

Details

Path traversal in Jenkins Git, Mercurial and Repo Plugins

Jenkins SCMs support a number of different URL schemes, including local file system paths (e.g. using `file:` URLs). Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspaces unless overridden. Some Pipeline-related features check out SCMs from the Jenkins controller as well. This allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Metadata

Created: 2022-05-18T00:00:39Z
Modified: 2023-12-06T15:20:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-84cm-vjwm-m979/GHSA-84cm-vjwm-m979.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-84cm-vjwm-m979
Finding: F063
Auto approve: 1