CVE-2022-36913

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 78.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 27; Latest update Jul 28

Description

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 3 packages

Vulnerability Details (3)

GHSA: Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation (2022-07-28)
OSV: Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation (2022-07-28)
CVEList: CVE-2022-36913: Jenkins Openstack Heat Plugin 1 (2022-07-27)

Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2022-07-27 (2022-07-27)