Lucene search

[email protected]CVE-2022-23112

HistoryJan 12, 2022 - 8:15 p.m.

CVE-2022-23112

2022-01-1220:15:00

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-23112

jenkins

publish over ssh plugin

missing permission check

overall/read access

ssh

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

CPENameOperatorVersion
jenkins:publish_over_sshjenkins publish over sshle1.22

CPE	Name	Operator	Version
jenkins:publish_over_ssh	jenkins publish over ssh	le	1.22

References

www.openwall.com/lists/oss-security/2022/01/12/6

www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2022-23112

osv2 prion1 cnvd1 github1 nessus3