Lucene search
JenkinsCVE-2022-43435HistoryOct 19, 2022 - 4:15 p.m.
CVE-2022-43435
2022-10-1916:15:12
jenkins
web.nvd.nist.gov
51
6
cve-2022-43435
jenkins
fireline plugin
content security policy
vulnerability
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
33.5%
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Affected configurations
Node
jenkins360_firelineRange≤1.7.2jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | 360_fireline | * | cpe:2.3:a:jenkins:360_fireline:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"product": "Jenkins 360 FireLine Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.7.2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
CVE-2022-43435
2022-10-19 16:15:12
nvd
nvd
CVE-2022-43435
2022-10-19 16:15:12
prion
prion
Design/Logic Flaw
2022-10-19 16:15:00
cvelist
cvelist
CVE-2022-43435
2022-10-19 00:00:00
github
github
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
2023-03-03 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
33.5%
Related for CVE-2022-43435