Lucene search

[email protected]CVE-2022-36890

HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36890

2022-07-2715:15:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-36890

jenkins

deployer framework plugin

security

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.6%

JSON

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CPENameOperatorVersion
jenkins:deployer_frameworkjenkins deployer frameworkle85.v1d1888e8c021

CPE	Name	Operator	Version
jenkins:deployer_framework	jenkins deployer framework	le	85.v1d1888e8c021

References

www.openwall.com/lists/oss-security/2022/07/27/1

www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2206

Social References

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for CVE-2022-36890

prion1 osv1 alpinelinux1 github1 nessus1