HIGH 7.5
GHSA-fxxf-w25w-mcx2
Jenkins Credentials Binding Plugin does not properly sanitize file names for file and zip file credentials
상세
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials.
This allows attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem. If Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node, this can lead to remote code execution.
Credentials Binding Plugin 725.ve52b_2328a_fde improves sanitization of the file name provided for file and zip file credentials, preventing path traversal.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Maven / org.jenkins-ci.plugins:credentials-binding
최초 영향 버전:
0 수정 버전: 725.ve52b 수정
# pom.xml: bump <version>725.ve52b</version> for org.jenkins-ci.plugins:credentials-binding