CVE-2022-36904
published 2022-07-27CVE-2022-36904: Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | android_signing_plugin | — | — |
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_code_pipeline_operations_plugin | — | — |
| jenkins | buckminster_plugin | — | — |
| jenkins | clif_performance_testing_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | files_found_trigger_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | google_cloud_backup_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | http_request_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_git_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |
| jenkins | openshift_deployer_plugin | — | — |