Lucene search
China National Vulnerability DatabaseCNVD-2022-05101HistoryJan 16, 2022 - 12:00 a.m.
Jenkins Input Validation Error Vulnerability (CNVD-2022-05101)
2022-01-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.001 Low
EPSS
Percentile
22.0%
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.The Jenkins Credentials Binding Plugin is vulnerable to an input validation error that stems from the plugin’s failure to perform a permission check in the method that implements form validation, which could be exploited by an attacker with overall/read access vulnerability to verify that the credential ID refers to secret file credentials and that it is a zip file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins credentials binding plugin | le | 1.27 |
Related
prion
prion
Design/Logic Flaw
2022-01-12 20:15:00
nvd
nvd
CVE-2022-20616
2022-01-12 20:15:08
cve
cve
CVE-2022-20616
2022-01-12 20:15:08
redhatcve
redhatcve
CVE-2022-20616
2022-01-24 18:05:58
cvelist
cvelist
CVE-2022-20616
2022-01-12 19:05:51
osv
osv
CVE-2022-20616
2022-01-12 20:15:08
github
github
nessus
nessus
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
2022-02-15 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00