← back
CVE-2022-28148

CVE-2022-28148

EPSS 1.8%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
Affected products
Jenkins project · Jenkins Continuous Integration with Toad Edge Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654http://www.openwall.com/lists/oss-security/2022/03/29/1