Skip to main content

Config Rotator

1 CVEs product

Monthly

CVE-2022-45388 Maven HIGH This Week

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Config Rotator
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 1% CVSS 7.5
HIGH This Week

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Config Rotator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy