CVE-2022-34181
Last modified
CVE-2022-34181 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.. EPSS estimates a 1.21% chance of exploitation in the next 30 days.
Description
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Xunit | <= 3.0.8 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-34181?
How severe is CVE-2022-34181?
How do I fix CVE-2022-34181?
Are you affected by CVE-2022-34181?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST