CVE-2022-25204

Medium

5.4/10

Summary

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published Feb 15, 2022

CVE-2022-25204

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS