A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2022-07-27T14:26:41

Updated: 2023-10-24T14:24:27.320Z

Reserved: 2022-07-27T00:00:00


Link: CVE-2022-36909

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-07-27T15:15:10.227

Modified: 2023-11-02T21:04:48.220


Link: CVE-2022-36909

JSON object: View

cve-icon Redhat Information

No data.

CWE