Main Vulnerability Database Vulnerabilities #VU60688

Security features bypass in Doktor - CVE-2022-25204

Published: February 17, 2022

Vulnerability identifier: #VU60688

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-25204

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Doktor

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc. A remote user can determine whether a file with a given name exists.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2022-02-15/

Security features bypass in Doktor - CVE-2022-25204

Description

Remediation

External links

Please verify you're human