Jenkins Doktor Plugin File Existence Disclosure Vulnerability

Jenkins Doktor Plugin File Existence Disclosure Vulnerability

CVE-2022-25204 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.

Learn more about our Web Application Penetration Testing UK.