CVE-2021-43578

EPSS 1.1%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 nov 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

Productos afectados

Jenkins project · Jenkins Squash TM Publisher (Squash4Jenkins) Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525 http://www.openwall.com/lists/oss-security/2021/11/12/1