← Back to CVEs
CVE-2024-5273
MEDIUM4.3
Description
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published5/24/2024
Last Modified10/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
jenkins:report_info
Weaknesses (CWE)
CWE-22
References
http://www.openwall.com/lists/oss-security/2024/05/24/2(jenkinsci-cert@googlegroups.com)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2024/05/24/2(af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.