Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins 插件 路径遍历漏洞
Vulnerability Description
Jenkins 插件是为Jenkins提供相应功能得插件。 Jenkins Fortify 插件20.2.34及更早版本存在安全漏洞,该漏洞源于没有对其Pipeline步骤的appName和appVersion参数进行清理,攻击者可利用该漏洞通过Item Configure权限在Jenkins控制器文件系统上写入内容或覆盖xml文件。
CVSS Information
N/A
Vulnerability Type
N/A