Lucene search
GitHub Advisory DatabaseGHSA-7FPG-PP3M-H22FHistoryMay 17, 2022 - 3:53 a.m.
Jenkins allows attackers to execute arbitrary jobs
2022-05-1703:53:55
GitHub Advisory Database
github.com
3
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.3%
BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.
Affected configurations
Node
org.jenkins-ci.main\Matchjenkins-core
ORorg.jenkins-ci.main\Matchjenkins-core
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | lt | 1.532.2 | |
| org.jenkins-ci.main:jenkins-core | lt | 1.551 |
Related
prion
prion
Design/Logic Flaw
2014-10-17 15:55:00
Design/Logic Flaw
2014-10-17 15:55:00
ubuntucve
ubuntucve
CVE-2014-2058
2014-10-17 00:00:00
CVE-2013-7330
2014-10-17 00:00:00
nvd
nvd
CVE-2014-2058
2014-10-17 15:55:05
CVE-2013-7330
2014-10-17 15:55:05
cve
cve
CVE-2014-2058
2014-10-17 15:55:05
CVE-2013-7330
2014-10-17 15:55:05
osv
osv
Jenkins allows attackers to execute arbitrary jobs
2022-05-17 03:53:55
Jenkins allows attackers to configure restricted projects
2022-05-17 03:53:55
cvelist
cvelist
CVE-2014-2058
2014-10-17 15:00:00
CVE-2013-7330
2014-10-17 15:00:00
seebug
seebug
Jenkins BuildTriggerη±»ζιη»θΏζΌζ΄
2014-02-27 00:00:00
github
github
Jenkins allows attackers to configure restricted projects
2022-05-17 03:53:55
veracode
veracode
Authorization Bypass
2019-05-02 04:55:59
openvas
openvas
Jenkins < 1.551, < 1.532.2 LTS Multiple Vulnerabilities - Windows
2022-09-01 00:00:00
Jenkins < 1.551, < 1.532.2 LTS Multiple Vulnerabilities - Linux
2022-09-01 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2014) - Windows
2015-12-21 00:00:00
nessus
nessus
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.3%
Related for GHSA-7FPG-PP3M-H22F