CVE-2022-36918

Summary

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Buckminster Pluginunspecified <= 1.1.1affected
Jenkins projectJenkins Buckminster Pluginnext of 1.1.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References