CVE-2021-43578
First published: Fri Nov 12 2021(Updated: )
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Squash Tm Publisher | <=1.0.0 | |
| maven/org.jenkins-ci.plugins:squashtm-publisher-plugin | <=1.0.0 | |
| <=1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-h648-gj34-5x4r
- alias/CVE-2021-43578
- collector/github-advisory
- collector/nvd-cve
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/trending
- vendor/jenkins
- canonical/jenkins squash tm publisher
- version/jenkins squash tm publisher/1.0.0
- package-manager/maven