Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2022-01-12T19:06:27
Updated: 2024-08-03T03:36:19.962Z
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23118
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-12T20:15:09.807
Modified: 2023-11-30T19:15:28.033
Link: CVE-2022-23118
Redhat
No data.