CVE-2022-41231

MEDIUM Year: 2022
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

Related Vulnerabilities

CVE-2016-2205

MEDIUM
CVSS:5.7(Medium)

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec...

CWE-222016

CVE-2016-5941

MEDIUM
CVSS:5.7(Medium)

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrar...

CWE-222016

CVE-2017-11348

MEDIUM
CVSS:5.7(Medium)

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or mo...

CWE-222017

CVE-2017-15532

MEDIUM
CVSS:5.7(Medium)

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are store...

CWE-222017

CVE-2018-1000161

MEDIUM
CVSS:5.7(Medium)

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is runni...

CWE-222018

CVE-2019-3415

MEDIUM
CVSS:5.7(Medium)

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files.

CWE-222019