Security context
MediumGHSA-v759-3fh9-84mx CVE-2014-2059CWE-22Published May 17, 2022

Jenkins directory traversal vulnerability

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

1.533 → fixed in 1.5510 → fixed in 1.532.2

Details

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.

The fix

[FIXED SECURITY-108] Check job name created via CLI

Vojtech Juranek· Feb 6, 2014, 11:46 PM+10ad38d8480f
core/src/main/java/hudson/cli/CreateJobCommand.java+1 0
@@ -72,6 +72,7 @@ protected int run() throws Exception {
name = name.substring(i + 1);
}
+ Jenkins.checkGoodName(name);
ig.createProjectFromXML(name, stdin);
return 0;
}

References