Description
Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.
Remediation
References
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551
http://www.openwall.com/lists/oss-security/2022/10/19/3
Related Vulnerabilities
CVE-2017-15702 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2022-34798 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard
CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2023-25164 Vulnerability in npm package @tinacms/cli
CVE-2014-3662 Vulnerability in maven package org.jenkins-ci.main:jenkins-core