ByteOS Network

NVD Vulnerability Details :

CVE-2022-25204

Analyzed

Source-jenkinsci-cert@googlegroups.com

Published At-15 Feb, 2022 | 17:15

Updated At-03 Nov, 2023 | 16:23

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary	2.0	5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N

CPE Matches

Jenkins

>>doktor>>Versions up to 0.4.1(inclusive)

cpe:2.3:a:jenkins:doktor:*:*:*:*:*:jenkins:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548	jenkinsci-cert@googlegroups.com	Issue Tracking Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History