#VU46961 Path traversal in Storable Configs - CVE-2020-2278

 


Published: September 16, 2020 / Updated: September 22, 2020


Vulnerability identifier: #VU46961
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-2278
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Storable Configs
Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because the affected plugin does not restrict the user-specified file name. A remote authenticated attacker can replace any other ".xml" file on the Jenkins controller with the content of the job’s "config.xml" file.
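The kind of restriction the description says is missing can be written as a generic containment check on a user-specified file name. This is an added example, not code from the Storable Configs plugin or from Jenkins; the class `SafeConfigName`, the method `resolveInside`, the allow-list pattern and the sample names are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class SafeConfigName {
    // Hypothetical allow-list: a bare file name (no separators, no leading dot) ending in .xml.
    private static final Pattern ALLOWED =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,99}\\.xml");

    /** Resolves a user-supplied name under baseDir, or throws if it could land anywhere else. */
    static Path resolveInside(Path baseDir, String userName) throws IOException {
        // Step 1: reject anything that is not a plain file name before touching the file system.
        if (userName == null || !ALLOWED.matcher(userName).matches()) {
            throw new IllegalArgumentException("rejected file name: " + userName);
        }
        // Step 2: defence in depth. Canonicalise the base, resolve, and confirm containment.
        Path base = baseDir.toRealPath();
        Path target = base.resolve(userName).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + userName);
        }
        // Step 3: refuse to write through an existing symbolic link placed at the target.
        if (Files.isSymbolicLink(target)) {
            throw new IllegalArgumentException("target is a symbolic link: " + userName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample directory and names; none are taken from the plugin.
        Path base = Files.createTempDirectory("stored-configs");
        String[] samples = {
            "backup-1.xml", "../config.xml", "../../other-job/config.xml",
            "..\\config.xml", "/tmp/x.xml", "sub/dir.xml", "notes.txt"
        };
        for (String name : samples) {
            try {
                System.out.println("ALLOW " + name + " -> " + resolveInside(base, name));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY  " + name);
            }
        }
    }
}
```

Only `backup-1.xml` is accepted; every name containing a separator, a leading dot or a different extension is denied before any file is opened.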


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
