← back
CVE-2022-45381

CVE-2022-45381

CVSS 8.1 HIGHEPSS 1.3%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
Jenkins project · Jenkins Pipeline Utility Steps Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949http://www.openwall.com/lists/oss-security/2022/11/15/4