CVE-2022-36913

2022-07-2715:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-36913

jenkins

openstack heat plugin

permission checks

form validation

security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinsopenstack_heatRange≤1.5jenkins

CPENameOperatorVersion
jenkins:openstack_heatjenkins openstack heatle1.5

CPE	Name	Operator	Version
jenkins:openstack_heat	jenkins openstack heat	le	1.5

CNA Affected

[
  {
    "product": "Jenkins Openstack Heat Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.5",
        "versionType": "custom"
      }
    ]
  }
]