CVE-2022-34177
N/A
N/A
Summary
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins Pipeline: Input Step Plugin | 447.449.v193fd29f6021 | unaffected |
| Jenkins project | Jenkins Pipeline: Input Step Plugin | 2.12.2 | unaffected |
| Jenkins project | Jenkins Pipeline: Input Step Plugin | unspecified <= 448.v37cea_9a_10a_70 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.