CVE-2021-43578
N/A
N/A
Summary
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin | unspecified <= 1.0.0 | affected |
| Jenkins project | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin | next of 1.0.0 < unspecified | unknown |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525
- http://www.openwall.com/lists/oss-security/2021/11/12/1
References
- https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525
- http://www.openwall.com/lists/oss-security/2021/11/12/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.