Jenkins
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*
- <= 2.540
- <= 2.528.2
A path traversal vulnerability has been identified in the Redpen - Pipeline Reporter for Jira Plugin, versions through 1.054.v7b_9517b_6b_202. The plugin does not properly validate the workspace directory path when uploading artifacts to Jira, which allows attackers with Item/Configure permission to access files in the Jenkins controller's workspace directory. The issue is exacerbated by the plugin's lack of support for distributed builds: artifacts are uploaded from the Jenkins controller instead of from the agent performing the build.
Exploitation of this vulnerability allows for unauthorized access to files in the Jenkins controller's workspace directory.
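One way to enforce the workspace path validation described above, given as an added example and not the plugin's own code. The class name, method name and directory layout are hypothetical, and it assumes a path supplied by a user with Item/Configure permission must stay inside that job's own workspace.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class WorkspacePathCheck {

    // Hypothetical helper (not the plugin's API): resolve a user-configured
    // artifact path against one job's workspace and reject anything outside it.
    static Path resolveInsideWorkspace(Path workspace, String configured) throws IOException {
        Path root = workspace.toRealPath();                    // canonical workspace root
        // normalize() collapses ".." segments; an absolute input replaces root entirely.
        Path candidate = root.resolve(configured).normalize();
        // Path.startsWith compares whole name elements, so "job-a-old" is not inside "job-a".
        if (!candidate.startsWith(root)) {
            throw new SecurityException("outside workspace: " + configured);
        }
        // If the file exists, follow symlinks and check the real location as well.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink leaves workspace: " + configured);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: two job workspaces under a temp directory.
        Path base = Files.createTempDirectory("ws-demo");
        Path jobA = Files.createDirectories(base.resolve("workspace/job-a"));
        Path jobB = Files.createDirectories(base.resolve("workspace/job-b"));
        Files.writeString(jobA.resolve("report.txt"), "job-a report");
        Files.writeString(jobB.resolve("secret.txt"), "job-b data");

        String[] configured = {
            "report.txt",                           // file inside job-a
            "../job-b/secret.txt",                  // relative traversal
            jobB.resolve("secret.txt").toString(),  // absolute path
            "../job-a-old/report.txt"               // sibling sharing a name prefix
        };
        for (String c : configured) {
            try {
                System.out.println("ACCEPT " + resolveInsideWorkspace(jobA, c));
            } catch (SecurityException e) {
                System.out.println("REJECT " + e.getMessage());
            }
        }
    }
}
```

The check only helps if it runs where the workspace actually lives; the description above notes that this plugin performs the upload on the controller, not on the agent that ran the build.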