GoogleOSV:CVE-2022-36904

HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36904

2022-07-2715:15:09

Google

osv.dev

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CPENameOperatorVersion
repository-connector-plugineqrepository-connector-1.1.3
repository-connector-plugineqrepository-connector-2.0.3
repository-connector-plugineqrepository-connector-1.2.2
repository-connector-plugineqrepository-connector-1.3.0
repository-connector-plugineqrepository-connector-2.0.1
repository-connector-plugineqrepository-connector-2.0.2
repository-connector-plugineqrepository-connector-1.2.6
repository-connector-plugineqrepository-connector-0.6.1
repository-connector-plugineqrepository-connector-1.1.1
repository-connector-plugineqrepository-connector-1.2.0

Name	Operator	Version
repository-connector-plugin	eq	repository-connector-1.1.3
repository-connector-plugin	eq	repository-connector-2.0.3
repository-connector-plugin	eq	repository-connector-1.2.2
repository-connector-plugin	eq	repository-connector-1.3.0
repository-connector-plugin	eq	repository-connector-2.0.1
repository-connector-plugin	eq	repository-connector-2.0.2
repository-connector-plugin	eq	repository-connector-1.2.6
repository-connector-plugin	eq	repository-connector-0.6.1
repository-connector-plugin	eq	repository-connector-1.1.1
repository-connector-plugin	eq	repository-connector-1.2.0

Rows per page:

1-10 of 291

References

www.openwall.com/lists/oss-security/2022/07/27/1

www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Related for OSV:CVE-2022-36904