Lucene search

[email protected]CVE-2022-27208

HistoryMar 15, 2022 - 5:15 p.m.

CVE-2022-27208

2022-03-1517:15:11

CWE-22

[email protected]

web.nvd.nist.gov

108

cve-2022-27208

jenkins

kubernetes

continuous deploy plugin

file read

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

39.6%

JSON

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.

Affected configurations

NVD

Node

jenkinskubernetes_continuous_deployRange≤2.3.1jenkins

CPENameOperatorVersion
jenkins:kubernetes_continuous_deployjenkins kubernetes continuous deployle2.3.1

CPE	Name	Operator	Version
jenkins:kubernetes_continuous_deploy	jenkins kubernetes continuous deploy	le	2.3.1

CNA Affected

[
  {
    "product": "Jenkins Kubernetes Continuous Deploy Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 2.3.1",
        "versionType": "custom"
      }
    ]
  }
]