← Retour aux CVEs
CVE-2024-5273
MEDIUM4.3
Description
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
Details CVE
Score CVSS v3.14.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie5/24/2024
Derniere modification10/10/2025
Sourcenvd
Observations honeypot0
Produits affectes
jenkins:report_info
Faiblesses (CWE)
CWE-22
References
http://www.openwall.com/lists/oss-security/2024/05/24/2(jenkinsci-cert@googlegroups.com)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2024/05/24/2(af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2024-05-24/#SECURITY-3070(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.