CVE-2022-25204medium
Description
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
Details
Source: MITRE
Published: 2022-02-15
Updated: 2022-02-23
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Impact Score: 2.5
Exploitability Score: 2.8
Severity: MEDIUM