Miggo Logo
Miggo Vulnerability Database
CVE-2020-2278

CVE-2020-2278:
Arbitrary file write vulnerability in Jenkins Storable Configs Plugin

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-2278
GHSA ID
GHSA-qv6q-4jwx-7j5c
EPSS Score
0.76107%
CWE
CWE-22
Published
5/24/2022
Updated
10/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jvnet.hudson.plugins:storable-configs-pluginmaven<= 1.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key failures: 1) accepting user-controlled filenames without path traversal checks, and 2) writing files to arbitrary locations by not properly constraining the target directory. Jenkins plugin patterns suggest these operations would be handled in action classes (like Action.java) and file utility classes. The first function likely handles the HTTP request to save configs, while the second processes the filename input. Both would lack validation logic to prevent escaping the intended storage directory, matching the CWE-22 description and advisory details about unrestricted filenames leading to arbitrary XML file overwrites.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins Stor**l* *on*i*s Plu*in *.* *n* **rli*r *o*s not r*stri*t t** us*r-sp**i*i** *il* n*m*, *llowin* *tt**k*rs wit* Jo*/*on*i*ur* p*rmission to r*pl*** *ny ot**r '.xml' *il* on t** J*nkins *ontroll*r wit* * jo* *on*i*.xml *il*'s *ont*nt.

Reasoning

T** vuln*r**ility st*ms *rom two k*y **ilur*s: *) ****ptin* us*r-*ontroll** `*il*n*m*s` wit*out p*t* tr*v*rs*l ****ks, *n* *) writin* *il*s to *r*itr*ry lo**tions *y not prop*rly *onstr*inin* t** t*r**t *ir**tory. J*nkins plu*in p*tt*rns su***st t**s