CVE Vulnerabilities

CVE-2022-45388

Published: Nov 15, 2022 | Modified: Apr 30, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with .xml extension on the Jenkins controller file system.

Affected Software

Name Vendor Start Version End Version
Config_rotator Jenkins * 2.0.1 (including)

References