CVE-2022-25188 is a vulnerability in Jenkins Fortify
Published on February 15, 2022

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker.

NVD


Affected Versions

Jenkins project Jenkins Fortify Plugin:

Exploit Probability

EPSS: 0.57%
Percentile: 68.06%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.