Lucene search

K
githubGitHub Advisory DatabaseGHSA-4JFQ-4FQC-5J9C
HistorySep 22, 2022 - 12:00 a.m.

Jenkins Rundeck Plugin Missing Authorization vulnerability

2022-09-2200:00:28
CWE-862
GitHub Advisory Database
github.com
9

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

22.0%

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.

Affected configurations

Vulners
Node
org.jenkinsci.plugins\Matchrundeck
CPENameOperatorVersion
org.jenkins-ci.plugins:rundecklt3.6.12

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

22.0%

Related for GHSA-4JFQ-4FQC-5J9C