← Zuruck zu CVEs
CVE-2024-5273
MEDIUM4.3
Beschreibung
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
CVE Details
CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht5/24/2024
Zuletzt geandert10/10/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
jenkins:report_info
Schwachen (CWE)
CWE-22
Referenzen
http://www.openwall.com/lists/oss-security/2024/05/24/2(jenkinsci-cert@googlegroups.com)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2024/05/24/2(af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.