CVE-2022-34785
published 2022-06-30CVE-2022-34785: Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build-metrics | <= 1.3 | — |
| jenkins | build_notifications_plugin | — | — |
| jenkins | cisco_spark_plugin | — | — |
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | elasticsearch_query_plugin | — | — |
| jenkins | failed_job_deactivator_plugin | — | — |
| jenkins | feedback_panel_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | ids_in_xebialabs_xl_release_plugin | — | — |
| jenkins | jigomerge_plugin | — | — |
| jenkins | matrix_reloaded_plugin | — | — |
| jenkins | opsgenie_plugin | — | — |
| jenkins | plot_plugin | — | — |
| jenkins | project_inheritance_plugin | — | — |
| jenkins | recipe_plugin | — | — |
| jenkins | request_rename_or_delete_plugin | — | — |
| jenkins | rich_text_publisher_plugin | — | — |
| jenkins | rocketchat_notifier_plugin | — | — |
| jenkins | rqm_plugin | — | — |
| jenkins | skype_notifier_plugin | — | — |
| jenkins | testng_results_plugin | — | — |
| jenkins | validating_email_parameter_plugin | — | — |
| jenkins | xebialabs_xl_release_plugin | — | — |
| jenkins | xpath_configuration_viewer_plugin | — | — |
| jenkins_project | jenkins_build-metrics_plugin | unspecified – 1.3 | — |