Home > Vulnerability Database > CVE-2022-45381

Mend.io Vulnerability Database

CVE-2022-45381

Good to know:

Date: November 14, 2022

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.

Language: Java

Severity Score

8.1

Related Resources (6)

Url: https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/01be8ac0045027128fc1e9cf3a8b0709d08291ea

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-45381

Url: http://www.openwall.com/lists/oss-security/2022/11/15/4

Url: https://github.com/jenkinsci/pipeline-utility-steps-plugin

Url: https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949

Url: https://www.mend.io/vulnerability-database/CVE-2022-45381

Severity Score

8.1

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:pipeline-utility-steps:2.13.2

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-45381

Good to know:

Date: November 14, 2022

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?