CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Config Rotator >> 2.0.1 Security Vulnerabilities

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

CVSS Score

7.5

EPSS Score

0.001

Published

2022-11-15

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Config Rotator >> 2.0.1 Security Vulnerabilities

Products

Pricing

Contact Us