CVE-2022-23113

Summary

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Publish Over SSH Pluginunspecified <= 1.22affected
Jenkins projectJenkins Publish Over SSH Pluginnext of 1.22 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References