Rewterz Threat Advisory – CVE-2022-45387 – Jenkins BART Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45389 – Jenkins XP-Dev Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45387 – Jenkins BART Plugin Vulnerability
November 16, 2022Rewterz Threat Advisory – CVE-2022-45389 – Jenkins XP-Dev Plugin Vulnerability
November 16, 2022Severity
High
Analysis Summary
CVE-2022-45388
Jenkins Config Rotator Plugin could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-45388
Affected Vendors
Jenkins
Affected Products
Jenkins Config Rotator Plugin 2.0.1
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.