GHSA-jj8j-6jq7-gmvh

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-jj8j-6jq7-gmvh/GHSA-jj8j-6jq7-gmvh.json

Aliases

CVE-2022-36914

Published

2022-07-28T00:00:42Z

Modified

2023-03-18T05:49:37.537347Z

Details

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-36914
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2210
http://www.openwall.com/lists/oss-security/2022/07/27/1

Affected packages

Maven / org.jenkins-ci.plugins:files-found-trigger

org.jenkins-ci.plugins:files-found-trigger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

1.*

1.3

1.3.1

1.4

1.5

Database specific

{
    "last_known_affected_version_range": "<= 1.5"
}