CVE-2022-23112Missing Authorization in Project Jenkins Publish Over SSH Plugin

CWE-862Missing Authorization5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 91.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Publish Over SSH PluginJenkins Publish Over SSH
Timeline
PublishedJan 12
Latest updateJan 13

Description

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_publish_over_ssh_pluginunspecified1.22

🔴Vulnerability Details

3
GHSA
Missing permission check in Jenkins Publish Over SSH Plugin2022-01-13
OSV
Missing permission check in Jenkins Publish Over SSH Plugin2022-01-13
CVEList
CVE-2022-23112: A missing permission check in Jenkins Publish Over SSH Plugin 12022-01-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-01-122022-01-12
CVE-2022-23112 — Missing Authorization | cvebase