CVE-2022-45388

Description

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics