Lucene search
China National Vulnerability DatabaseCNVD-2022-54932HistoryMar 31, 2022 - 12:00 a.m.
Jenkins Pipeline Phoenix AutoTest Plugin访问控制错误漏洞
2022-03-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
0.001 Low
EPSS
Percentile
28.6%
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins.An access control error vulnerability exists in Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier, which stems from the plugin not performing permission checks across multiple HTTP endpoints, and an attacker with overall /read privileges, an attacker could use this vulnerability to enumerate the credential IDs of credentials stored in Jenkins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins pipeline phoenix autotest plugin | lt | 1.3 |
Related
cve
cve
CVE-2022-28158
2022-03-29 13:15:10
osv
osv
Missing permission Jenkins Pipeline Phoenix AutoTest Plugin
2022-03-30 00:00:21
cvelist
cvelist
CVE-2022-28158
2022-03-29 12:31:24
prion
prion
Information disclosure
2022-03-29 13:15:00
nvd
nvd
CVE-2022-28158
2022-03-29 13:15:10
github
github
Missing permission Jenkins Pipeline Phoenix AutoTest Plugin
2022-03-30 00:00:21
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-03-29)
2022-03-31 00:00:00