Description
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc. In addition, its error messages allow attackers who are able to control agent processes to determine whether a file with a given name exists.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
Related Vulnerabilities
CVE-2018-20594 Vulnerability in maven package org.hswebframework.web:hsweb-system-workflow-local
CVE-2022-36917 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup
CVE-2020-28498 Vulnerability in maven package org.webjars.npm:elliptic
CVE-2023-32991 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp