CVE-2022-36884
published 2022-07-27CVE-2022-36884: The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | android_signing_plugin | — | — |
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_code_pipeline_operations_plugin | — | — |
| jenkins | buckminster_plugin | — | — |
| jenkins | clif_performance_testing_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | files_found_trigger_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | git | <= 4.11.3 | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | google_cloud_backup_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | http_request_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_git_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |