VDB
EN
HIGH 7.5

GHSA-fxxf-w25w-mcx2

Jenkins Credentials Binding Plugin does not properly sanitize file names for file and zip file credentials

상세

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials.

This allows attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem. If Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node, this can lead to remote code execution.

Credentials Binding Plugin 725.ve52b_2328a_fde improves sanitization of the file name provided for file and zip file credentials, preventing path traversal.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Maven / org.jenkins-ci.plugins:credentials-binding
최초 영향 버전: 0 수정 버전: 725.ve52b
수정 # pom.xml: bump <version>725.ve52b</version> for org.jenkins-ci.plugins:credentials-binding

참고