CVE-2022-25188 is a vulnerability in Jenkins Fortify
Published on February 15, 2022
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.
Affected Versions
Jenkins project Jenkins Fortify Plugin: versions <= 20.2.34 are affected.
Exploit Probability
EPSS: 0.27%
Percentile: 50.52%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.