{"api_version":"1","generated_at":"2026-04-23T06:20:46+00:00","cve":"CVE-2022-25204","urls":{"html":"https://cve.report/CVE-2022-25204","api":"https://cve.report/api/cve/CVE-2022-25204.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-25204","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-25204"},"summary":{"title":"CVE-2022-25204","description":"Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2022-02-15 17:15:00","updated_at":"2023-11-03 16:23:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548","name":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"Jenkins Security Advisory 2022-02-15","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-25204","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25204","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"25204","vulnerable":"1","versionEndIncluding":"0.4.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"doktor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-25204","qid":"376435","title":"Jenkins Plugins Multiple Security Vulnerabilities (Jenkins Security Advisory 2022-02-15)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-25204","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins Doktor Plugin","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"lessThanOrEqual":"0.4.1","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"unknown","version":"next of 0.4.1","versionType":"custom"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548","refsource":"MISC","name":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548"}]}},"nvd":{"publishedDate":"2022-02-15 17:15:00","lastModifiedDate":"2023-11-03 16:23:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.5},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:doktor:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"0.4.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}