CVE-2022-23118

Summary

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Debian Package Builder Pluginunspecified <= 1.6.11affected
Jenkins projectJenkins Debian Package Builder Pluginnext of 1.6.11 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References