Security Advisory

CVE-2021-43578

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-12 10:35:23

Last updated 2024-08-04 04:03:08

Assigner jenkins

State PUBLISHED

Description

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

← Browse all CVEs View on cve.org ↗