CVE-2022-45385

2022-11-1520:15:11

CWE-862

[email protected]

web.nvd.nist.gov

249

cve-2022-45385

jenkins

cloudbees

docker

hub

registry

notification plugin

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

Affected configurations

NVD

Node

jenkinscloudbees_docker_hub\/registry_notificationRange<2.6.2.1jenkins

CPENameOperatorVersion
jenkins:cloudbees_docker_hub\/registry_notificationjenkins cloudbees docker hub/registry notificationlt2.6.2.1

CPE	Name	Operator	Version
jenkins:cloudbees_docker_hub\/registry_notification	jenkins cloudbees docker hub/registry notification	lt	2.6.2.1

CNA Affected

[
  {
    "product": "Jenkins CloudBees Docker Hub/Registry Notification Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.6.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "2.6.0.1"
      }
    ]
  }
]