Vulnerabilities > CVE-2022-45388 - Unspecified vulnerability in Jenkins Config Rotator 2.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

NVD

Published: 2022-11-15

Updated: 2023-11-01

Summary

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Config Rotator - Jenkins Config Rotator 2.0.1	2

References

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2842
http://www.openwall.com/lists/oss-security/2022/11/15/4