vulnerability

Red Hat OpenShift: CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jun 23, 2022	Sep 23, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 23, 2022

Added

Sep 23, 2022

Modified

Aug 11, 2025

Description

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-34177
https://attackerkb.com/topics/CVE-2022-34177
CWE-22
REDHAT-RHSA-2022:6531
REDHAT-RHSA-2022:9110
REDHAT-RHSA-2023:0017

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today