CVE-2022-41235 – org.jenkins-ci.plugins:wildfly-deployer
Package
Manager: maven
Name: org.jenkins-ci.plugins:wildfly-deployer
Vulnerable Version: >=0 <=1.0.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00656 (percentile: 0.70122)
Details
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).
Metadata
Created: 2022-09-22T00:00:28Z
Modified: 2022-12-09T19:51:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-f7fq-wp2x-jc25/GHSA-f7fq-wp2x-jc25.json
CWE IDs: ["CWE-22", "CWE-284", "CWE-693"]
Alternative ID: GHSA-f7fq-wp2x-jc25
Finding: F063
Auto approve: 1