CVE-2022-28156

Name
CVE-2022-28156
Description
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2683
MLIST http://www.openwall.com/lists/oss-security/2022/03/29/1

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:jenkins:pipeline\:_phoenix_autotest:*:*:*:*:*:jenkins:*:* jenkins >= None <= 1.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status