OpenCVE

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Nunit

Configuration 1 [-]

cpe:2.3:a:jenkins:nunit:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551

History

No history.

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2022-10-19T00:00:00

Updated: 2024-08-03T13:32:58.303Z

Reserved: 2022-10-18T00:00:00

Link: CVE-2022-43414

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-19T16:15:10.887

Modified: 2024-11-21T07:26:26.203

Link: CVE-2022-43414

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:nunit:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "9F975665-A545-4D3F-9F03-3EAF1C84B2E6", "versionEndExcluding": "0.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller."}, {"lang": "es", "value": "Jenkins NUnit Plugin versiones 0.27 y anteriores, implementa un mensaje de agente a controlador que analiza archivos dentro de un directorio especificado por el usuario como resultados de pruebas, permitiendo a atacantes capaces de controlar los procesos del agente obtener resultados de pruebas de archivos en un directorio especificado por el atacante en el controlador de Jenkins"}], "id": "CVE-2022-43414", "lastModified": "2024-11-21T07:26:26.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-19T16:15:10.887", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}