Lucene search
HistoryJul 27, 2022 - 3:15 p.m.
CVE-2022-36904
jenkins
repository connector plugin
permission bypass
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
22.0%
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Affected configurations
Node
jenkinsrepository_connectorRange≤2.2.0jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | repository_connector | * | cpe:2.3:a:jenkins:repository_connector:*:*:*:*:*:jenkins:*:* |
Related
osv
osv
Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation
2022-07-28 00:00:42
CVE-2022-36904
2022-07-27 15:15:09
github
github
prion
prion
Design/Logic Flaw
2022-07-27 15:15:00
cvelist
cvelist
CVE-2022-36904
2022-07-27 14:25:41
cve
cve
CVE-2022-36904
2022-07-27 15:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
22.0%
Related for NVD:CVE-2022-36904