
Jenkins Advisory 2022-06-22: CVE-2022-34181: Agent-to-controller security bypass in xUnit Plugin

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: Jun 23, 2022
Added: Jul 12, 2022
Modified: Jul 15, 2022

Description

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist and parses files inside it as test results. This allows attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.

Solutions

jenkins-lts-upgrade-2_332_4
jenkins-upgrade-2_356