Lucene search

[email protected]CVE-2022-27211

HistoryMar 15, 2022 - 5:15 p.m.

CVE-2022-27211

2022-03-1517:15:11

CWE-862

[email protected]

web.nvd.nist.gov

105

cve-2022-27211

jenkins

kubernetes

continuous deploy plugin

nvd

security vulnerability

permission check

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

NVD

Node

jenkinskubernetes_continuous_deployRange≤2.3.1jenkins

CPENameOperatorVersion
jenkins:kubernetes_continuous_deployjenkins kubernetes continuous deployle2.3.1

CPE	Name	Operator	Version
jenkins:kubernetes_continuous_deploy	jenkins kubernetes continuous deploy	le	2.3.1

CNA Affected

[
  {
    "product": "Jenkins Kubernetes Continuous Deploy Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 2.3.1",
        "versionType": "custom"
      }
    ]
  }
]