GHSA-mc92-c859-jr66

Source

https://github.com/advisories/GHSA-mc92-c859-jr66

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-mc92-c859-jr66/GHSA-mc92-c859-jr66.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mc92-c859-jr66

Aliases

CVE-2022-28148

Published

2022-03-30T00:00:23Z

Modified

2023-11-08T04:09:02.229553Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin

Details

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2022-11-30T20:57:48Z",
    "nvd_published_at": "2022-03-29T13:15:00Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:ci-with-toad-edge

Package

Name: org.jenkins-ci.plugins:ci-with-toad-edge; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/ci-with-toad-edge

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4

Affected versions

1.*

1.0

1.2

2.*

2.0

2.2

2.3