logo

Database

Lack of data validation - Path Traversal In org.jenkins-ci.plugins:mercurial

Description

Path traversal in Jenkins Mercurial Plugin SCMs support a number of different URL schemes, including local file system paths (e.g. using file: URLs).

Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspaces unless overridden. Some Pipeline-related features check out SCMs from the Jenkins controller as well.

This allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller’s file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-309482. NVD-2022-309483. OSV-2022-309484. GCVE-2022-30948

References

1. https://github.com/jenkinsci/mercurial-plugin/commit/b995436e560b01818f5d9e9920990370cc5753412. https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-24783. http://www.openwall.com/lists/oss-security/2022/05/17/8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.