CVE-2022-28147

CWE-862 — Missing Authorization CWE-2815 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 86.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Continuous Integration With Toad Edge Plugin Jenkins Continuous Integration With Toad Edge

Timeline

PublishedMar 29

Latest updateMar 30

Description

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_continuous_integration_with_toad_edge_pluginunspecified — 2.3

▶NVDjenkins/continuous_integration_with_toad_edge2.3

▶Mavenorg.jenkins-ci.plugins:ci-with-toad-edge< 2.4

🔴Vulnerability Details

GHSA

Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin↗2022-03-30

▶

OSV

Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin↗2022-03-30

▶

CVEList

CVE-2022-28147: A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2↗2022-03-29

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-03-29↗2022-03-29

▶