Search criteria
2 vulnerabilities found for Jenkins xUnit Plugin by Jenkins project
CVE-2022-34181 (GCVE-0-2022-34181)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:41 – Updated: 2024-08-03 08:16
VLAI?
Summary
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Jenkins project | Jenkins xUnit Plugin |
Affected:
unspecified , ≤ 3.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins xUnit Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "3.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn\u0027t exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:25.320Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins xUnit Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn\u0027t exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34181",
"datePublished": "2022-06-22T14:41:08",
"dateReserved": "2022-06-21T00:00:00",
"dateUpdated": "2024-08-03T08:16:17.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34181 (GCVE-0-2022-34181)
Vulnerability from nvd – Published: 2022-06-22 14:41 – Updated: 2024-08-03 08:16
VLAI?
Summary
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Jenkins project | Jenkins xUnit Plugin |
Affected:
unspecified , ≤ 3.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins xUnit Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "3.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn\u0027t exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:25.320Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins xUnit Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn\u0027t exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34181",
"datePublished": "2022-06-22T14:41:08",
"dateReserved": "2022-06-21T00:00:00",
"dateUpdated": "2024-08-03T08:16:17.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}