Security Advisory

CVE-2022-45381

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-15 00:00:00

Last updated 2025-04-30 14:11:11

Assigner jenkins

State PUBLISHED

Description

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the file: prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.

← Browse all CVEs View on cve.org ↗