CVE-2022-36883

🗓️ 27 Jul 2022 14:21:12Reported by jenkinsType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 380 Views

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit

Reporter	Title	Published	Views	Family All 30
ATTACKERKB	CVE-2022-36883	27 Jul 202215:15	–	attackerkb
AlpineLinux	CVE-2022-36883	27 Jul 202214:21	–	alpinelinux
Circl	CVE-2022-36883	16 Jan 202406:27	–	circl
Tenable Nessus	Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.15 / 2.346.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2022-07-27)	7 Oct 202200:00	–	nessus
Tenable Nessus	RHEL 8 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)	23 Apr 202400:00	–	nessus
Tenable Nessus	RHCOS 4 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)	24 Jan 202400:00	–	nessus
Tenable Nessus	RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)	24 Jan 202400:00	–	nessus
Tenable Nessus	RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)	24 Jan 202400:00	–	nessus

NVD

Node

jenkins gitRange≤4.11.3jenkins

[
  {
    "product": "Jenkins Git Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "4.11.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "4.9.3"
      }
    ]
  }
]