cbcvebase.
CVE-2022-30948
published 2022-05-17

CVE-2022-30948: Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's…

high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Affected

22 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| jenkins | application_detector_plugin | | |
| jenkins | autocomplete_parameter_plugin | | |
| jenkins | blue_ocean_plugin | | |
| jenkins | git_plugin | | |
| jenkins | gitlab_plugin | | |
| jenkins | global_variable_string_parameter_plugin | | |
| jenkins | groovy_plugin | | |
| jenkins | http_requests_in_script_security_plugin | | |
| jenkins | jdk_parameter_plugin | | |
| jenkins | jenkins_core | | |
| jenkins | mercurial | < 2.16.1 | 2.16.1 |
| jenkins | mercurial_plugin | | |
| jenkins | multiselect_parameter_plugin | | |
| jenkins | random_string_parameter_plugin | | |
| jenkins | repo_plugin | | |
| jenkins | rundeck_plugin | | |
| jenkins | script_security_plugin | | |
| jenkins | selection_tasks_plugin | | |
| jenkins | ssh_plugin | | |
| jenkins | storable_configs_plugin | | |
| jenkins | while_credentials_plugin | | |
| jenkins_project | jenkins_mercurial_plugin | unspecified – 2.16 | |