Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 | |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: jenkins
Published: 2024-05-24T13:46:09.897Z
Updated: 2025-02-13T17:54:07.582Z
Reserved: 2024-05-23T16:06:54.667Z
Link: CVE-2024-5273

Updated: 2024-08-01T21:11:12.451Z

Status : Awaiting Analysis
Published: 2024-05-24T14:15:17.823
Modified: 2024-11-21T09:47:19.577
Link: CVE-2024-5273

No data.