CVE-2022-30949 – org.jenkins-ci.plugins:mercurial

Package

Manager: maven
Name: org.jenkins-ci.plugins:mercurial
Vulnerable Version: >=0 <2.16.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0083 pctl0.73663

Details

Path traversal in Jenkins REPO Plugin SCMs support a number of different URL schemes, including local file system paths (e.g. using `file:` URLs). Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspaces unless overridden. Some Pipeline-related features check out SCMs from the Jenkins controller as well. This allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Metadata

Created: 2022-05-18T00:00:40Z
Modified: 2023-12-15T09:11:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8vfc-fcr2-47pj/GHSA-8vfc-fcr2-47pj.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-8vfc-fcr2-47pj
Finding: F063
Auto approve: 1