Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cjgm-9vc9-56mx: Path traversal vulnerability in Jenkins Matrix Project Plugin

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

ghsa
#vulnerability#git

Path traversal vulnerability in Jenkins Matrix Project Plugin

Moderate severity GitHub Reviewed Published Jan 24, 2024 to the GitHub Advisory Database • Updated Jan 24, 2024

Related news

Red Hat Security Advisory 2024-4597-03

Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.