CVE-2022-34813
published 2022-06-30CVE-2022-34813: A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_notifications_plugin | — | — |
| jenkins | cisco_spark_plugin | — | — |
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | elasticsearch_query_plugin | — | — |
| jenkins | failed_job_deactivator_plugin | — | — |
| jenkins | feedback_panel_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | ids_in_xebialabs_xl_release_plugin | — | — |
| jenkins | jigomerge_plugin | — | — |
| jenkins | matrix_reloaded_plugin | — | — |
| jenkins | opsgenie_plugin | — | — |
| jenkins | plot_plugin | — | — |
| jenkins | project_inheritance_plugin | — | — |
| jenkins | recipe_plugin | — | — |
| jenkins | request_rename_or_delete_plugin | — | — |
| jenkins | rich_text_publisher_plugin | — | — |
| jenkins | rocketchat_notifier_plugin | — | — |
| jenkins | rqm_plugin | — | — |
| jenkins | skype_notifier_plugin | — | — |
| jenkins | testng_results_plugin | — | — |
| jenkins | validating_email_parameter_plugin | — | — |
| jenkins | xebialabs_xl_release_plugin | — | — |
| jenkins | xpath_configuration_viewer | <= 1.1.1 | — |
| jenkins | xpath_configuration_viewer_plugin | — | — |
| jenkins_project | jenkins_xpath_configuration_viewer_plugin | unspecified – 1.1.1 | — |