CVE-2022-43414

Published: Oct 19, 2022Modified: May 8, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller.

Affected (1)

Products: Jenkins: Nunit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Nunit	Before 0.28

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.