CVE-2022-36892

2022-07-2714:23:09

jenkins

www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CNA Affected

[
  {
    "product": "Jenkins rhnpush-plugin Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "0.5.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]