Lucene search
JenkinsCVELIST:CVE-2022-41230HistorySep 21, 2022 - 3:45 p.m.
CVE-2022-41230
2022-09-2115:45:51
jenkins
www.cve.org
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.
CNA Affected
[
{
"product": "Jenkins Build-Publisher Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-41230
2022-09-21 16:15:10
nvd
nvd
CVE-2022-41230
2022-09-21 16:15:10
osv
osv
Missing permission check in Jenkins build-publisher Plugin
2022-09-22 00:00:28
CVE-2022-41230
2022-09-21 16:15:10
prion
prion
Code injection
2022-09-21 16:15:00
github
github
Missing permission check in Jenkins build-publisher Plugin
2022-09-22 00:00:28
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
2022-10-07 00:00:00
Jenkins weekly < 2.370 Multiple Vulnerabilities
2022-10-07 00:00:00