CVE-2022-34177

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

Jenkins Pipeline: Input Step Plugin versiones 448.v37cea_9a_10a_70 y anteriores, archiva los archivos cargados para los parámetros "file" para los pasos "input" de Pipeline en el controlador como parte de los metadatos de construcción, usando el nombre del parámetro sin sanearlo como una ruta relativa dentro de un directorio relacionado con la construcción, permitiendo a atacantes poder configurar Pipelines para crear o reemplazar archivos arbitrarios en el sistema de archivos del controlador Jenkins con contenido especificado por el atacante

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-21 CVE Reserved
2022-06-22 CVE Published
2024-01-13 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705	2023-11-03
https://access.redhat.com/security/cve/CVE-2022-34177	2023-01-12
https://bugzilla.redhat.com/show_bug.cgi?id=2103551	2023-01-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jenkins Search vendor "Jenkins"		Pipeline: Input Step Search vendor "Jenkins" for product "Pipeline: Input Step"				<= 448.v37cea_9a_10a_70 Search vendor "Jenkins" for product "Pipeline: Input Step" and version " <= 448.v37cea_9a_10a_70"		jenkins		Affected