
CVE-2022-28148:
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.49341%
Published: 3/30/2022
Updated: 2/2/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name: org.jenkins-ci.plugins:ci-with-toad-edge
Ecosystem: maven
Vulnerable Versions: < 2.4
First Patched Version: 2.4

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the plugin's use of a patched fork of Jenkins' DirectoryBrowserSupport class that lacked the SECURITY-2481 fix. That fix in core Jenkins addressed path traversal via absolute paths on Windows. The plugin's fork would have contained modified versions of the key path-handling methods, such as serveFile() (file serving) and resolvePath() (path validation), and these failed to account for Windows absolute path syntax (for example a drive prefix such as 'C:'), so a path that looks relative under POSIX rules is interpreted as absolute by the Windows file system, allowing attackers to escape the restricted directory. The high confidence comes from the advisory's explicit mention of the missing SECURITY-2481 fix and of the Windows-specific path interpretation flaw.
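To make the root cause concrete, the following is an added example (not code from Miggo, from Jenkins core, or from the Toad Edge plugin) that models the validation step in Python rather than the plugin's Java. It uses the standard library's posixpath and ntpath modules so that the Windows path rules can be exercised on any OS: naive_is_absolute() is a POSIX-only check of the kind that lets 'C:\Windows\win.ini' through, is_absolute_on_any_platform() rejects anything that Windows or POSIX would treat as absolute (drive letters, drive-relative 'C:file', UNC shares, backslash-rooted paths), and resolve_under_base() additionally normalises '..' segments and confirms the result still sits under the allowed base directory. BASE_DIR and all function names are constructed for the example and do not correspond to identifiers in the plugin.

```python
import ntpath
import posixpath
from typing import Optional

# Constructed example: the directory the file browser is allowed to serve from,
# written with forward slashes so the same code runs on any OS.
BASE_DIR = "C:/jenkins/workspace/job1"


def naive_is_absolute(user_path: str) -> bool:
    """POSIX-only absoluteness check, i.e. the kind of check that is blind to
    Windows syntax: 'C:\\Windows\\win.ini' is NOT absolute here."""
    return posixpath.isabs(user_path)


def is_absolute_on_any_platform(user_path: str) -> bool:
    """Reject a path if any OS the controller could run on would treat it as
    absolute: POSIX roots, Windows drive letters (rooted or drive-relative),
    UNC shares and backslash-rooted paths."""
    if posixpath.isabs(user_path) or ntpath.isabs(user_path):
        return True
    # splitdrive also catches drive-relative 'C:file' and UNC '\\\\srv\\share',
    # which ntpath.isabs alone may not flag.
    if ntpath.splitdrive(user_path)[0]:
        return True
    # A lone leading backslash is root-relative on Windows (3.13 changed what
    # ntpath.isabs returns for it, so check explicitly).
    return user_path.startswith("\\")


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Return the normalised path to serve, or None if the request must be refused."""
    if is_absolute_on_any_platform(user_path):
        return None
    # Treat backslashes as separators before normalising, so '..\\' is visible
    # to the traversal check below.
    normalized = posixpath.normpath(user_path.replace("\\", "/"))
    if normalized == ".." or normalized.startswith("../"):
        return None
    base = posixpath.normpath(base_dir)
    full = posixpath.normpath(posixpath.join(base, normalized))
    # Belt and braces: the joined path must still sit under the base directory.
    if full != base and not full.startswith(base + "/"):
        return None
    return full


if __name__ == "__main__":
    # Constructed sample requests as a Windows controller might receive them.
    for requested in ["target/build.log", "src/../build.log",
                      "..\\..\\secrets.xml", "C:\\Windows\\win.ini",
                      "\\\\server\\share\\f.txt"]:
        print(f"{requested!r:32} naive_abs={naive_is_absolute(requested)!s:5} "
              f"any_abs={is_absolute_on_any_platform(requested)!s:5} "
              f"served={resolve_under_base(BASE_DIR, requested)}")
```

Running the block shows the gap the advisory describes: the naive check reports 'C:\Windows\win.ini' as relative, while the platform-aware check refuses it and the drive-relative and UNC forms; plain '..\..' traversal is caught by the normalisation step rather than by the absoluteness test, which is why both checks are needed.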

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the
