Arbitrary File Write and Read Vulnerability in Jenkins Warnings Next Generation Plugin

Arbitrary File Write and Read Vulnerability in Jenkins Warnings Next Generation Plugin

CVE-2022-23107 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

Learn more about our Web Application Penetration Testing UK.