Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-36883

CWE-862Missing Authorization7 documents7 sources
Severity
7.5HIGH
EPSS
78.6%
top 0.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Jenkins Project Jenkins GIT PluginJenkins GIT
Timeline
PublishedJul 27
Latest updateJul 28

Description

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_git_pluginunspecified4.11.3
NVDjenkins/git4.11.3

🔴Vulnerability Details

3
OSV
Lack of authentication mechanism in Jenkins Git Plugin webhook2022-07-28
GHSA
Lack of authentication mechanism in Jenkins Git Plugin webhook2022-07-28
CVEList
CVE-2022-36883: A missing permission check in Jenkins Git Plugin 42022-07-27

💥Exploits & PoCs

1
Nuclei
Jenkins Git <=4.11.3 - Missing Authorization

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2022-07-272022-07-27
Red Hat
plugin: Lack of authentication mechanism in Git Plugin webhook2022-07-27
CVE-2022-36883 (HIGH CVSS 7.5) | A missing permission check in Jenki | cvebase.io