CVE-2022-30954
published 2022-05-17CVE-2022-30954: Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | application_detector_plugin | — | — |
| jenkins | autocomplete_parameter_plugin | — | — |
| jenkins | blue_ocean | <= 1.25.3 | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | global_variable_string_parameter_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | http_requests_in_script_security_plugin | — | — |
| jenkins | jdk_parameter_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | multiselect_parameter_plugin | — | — |
| jenkins | random_string_parameter_plugin | — | — |
| jenkins | repo_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | selection_tasks_plugin | — | — |
| jenkins | ssh_plugin | — | — |
| jenkins | storable_configs_plugin | — | — |
| jenkins | while_credentials_plugin | — | — |
| jenkins_project | jenkins_blue_ocean_plugin | unspecified – 1.25.3 | — |