CVE-2022-25204 Information
Jun 07, 2022
cve
Description
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Reference
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: