Lucene search

[email protected]NVD:CVE-2022-43434

HistoryOct 19, 2022 - 4:15 p.m.

CVE-2022-43434

2022-10-1916:15:12

[email protected]

web.nvd.nist.gov

cve-2022-43434

jenkins

neuvector

vulnerability scanner plugin

content-security-policy

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.6%

JSON

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

Affected configurations

NVD

Node

jenkinsneuvector_vulnerability_scannerRange≤1.20jenkins

References

www.openwall.com/lists/oss-security/2022/10/19/3

www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.6%

JSON

Related for NVD:CVE-2022-43434

cvelist1 github1 osv1 prion1 cve1 nessus1