Vulnerability Details CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2022-23118
-
cpe:2.3:a:jenkins:debian_package_builder:1.2
-
cpe:2.3:a:jenkins:debian_package_builder:1.3
-
cpe:2.3:a:jenkins:debian_package_builder:1.4
-
cpe:2.3:a:jenkins:debian_package_builder:1.4.1
-
cpe:2.3:a:jenkins:debian_package_builder:1.4.2
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.0
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.1
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.2
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.3
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.4
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.5
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.6
-
cpe:2.3:a:jenkins:debian_package_builder:1.5.7
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.0
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.1
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.10
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.11
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.2
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.3
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.4
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.5
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.6
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.7
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.8
-
cpe:2.3:a:jenkins:debian_package_builder:1.6.9