CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.3%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

http://www.openwall.com/lists/oss-security/2022/02/15/2
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2214
http://www.openwall.com/lists/oss-security/2022/02/15/2
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2214

Products affected by CVE-2022-25188

Jenkins » Fortify » Version: 19.1.28

cpe:2.3:a:jenkins:fortify:19.1.28
Jenkins » Fortify » Version: 19.1.29

cpe:2.3:a:jenkins:fortify:19.1.29
Jenkins » Fortify » Version: 19.2.30

cpe:2.3:a:jenkins:fortify:19.2.30
Jenkins » Fortify » Version: 20.1.32

cpe:2.3:a:jenkins:fortify:20.1.32
Jenkins » Fortify » Version: 20.1.33

cpe:2.3:a:jenkins:fortify:20.1.33
Jenkins » Fortify » Version: 20.2.34

cpe:2.3:a:jenkins:fortify:20.2.34

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25188

Products

Pricing

Contact Us