CVE-2022-28148: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

March 30, 2022 (updated November 30, 2022)

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.

References

www.openwall.com/lists/oss-security/2022/03/29/1
github.com/advisories/GHSA-mc92-c859-jr66
nvd.nist.gov/vuln/detail/CVE-2022-28148
www.jenkins.io/security/advisory/2022-03-29/

Code Behaviors & Features

Detect and mitigate CVE-2022-28148 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →