Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
Source: MITRE
Published: 2022-02-15
Updated: 2022-02-23
Type: NVD-CWE-noinfo
Base Score: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 8
Severity: MEDIUM
Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Impact Score: 2.5
Exploitability Score: 2.8
Severity: MEDIUM