Moderate severityNVD Advisory· Published Jun 22, 2022· Updated Aug 3, 2024
CVE-2022-34181
CVE-2022-34181
Description
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:xunitMaven | < 3.1.0 | 3.1.0 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-298j-9q4w-6rm4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34181ghsaADVISORY
- github.com/jenkinsci/xunit-plugin/commit/6976b5da114845a7936ea36d5783a65cd91f9897ghsaWEB
- www.jenkins.io/security/advisory/2022-06-22/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.