CVE-2021-43578

EPSS 0.13%
Veröffentlicht 12.11.2021 11:15:08
Zuletzt bearbeitet 21.11.2024 06:29:28
Quelle jenkinsci-cert@googlegroups.co
CVE-Watchlists
Login
Unerledigt
Login

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Squash Tm Publisher SwPlatformjenkins Version <= 1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.324

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P

http://www.openwall.com/lists/oss-security/2021/11/12/1

Third Party Advisory

Mailing List

https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43578

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43578

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43578

EUVD