Vulnerability Description
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Continuous Integration With Toad Edge | <= 2.3 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/03/29/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/03/29/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654Vendor Advisory
FAQ
What is CVE-2022-28148?
CVE-2022-28148 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing ...
How severe is CVE-2022-28148?
CVE-2022-28148 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-28148?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Continuous Integration With Toad Edge, Microsoft Windows.