← volver
CVE-2022-28148

CVE-2022-28148

EPSS 1.8%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 mar 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
Productos afectados
Jenkins project · Jenkins Continuous Integration with Toad Edge Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654http://www.openwall.com/lists/oss-security/2022/03/29/1