CVE-2022-41238
published 2022-09-21

Priority: P258
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.85% (53.8th percentile)

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

Affected

23 ranges
Vendor | Product | Version range | Fixed in
jenkins | anchore_container_image_scanner_plugin | |
jenkins | apprenda_plugin | |
jenkins | bigpanda_notifier_plugin | |
jenkins | bmc_ami_common_configuration_plugin | |
jenkins | cons3rt_plugin | |
jenkins | dotci | <= 2.40.00 |
jenkins | dotci_plugin | |
jenkins | jenkins_core | |
jenkins | jenkins_weekly | |
jenkins | lack_of_authentication_mechanism_in_dotci_plugin | |
jenkins | ns-nd_integration_performance_publisher_plugin | |
jenkins | rqm_plugin | |
jenkins | rundeck_plugin | |
jenkins | scm_httpclient_plugin | |
jenkins | security_inspector_plugin | |
jenkins | smalltest_plugin | |
jenkins | this_could_create_confusion_in_users_of_the_plugin | |
jenkins | urls_of_jenkins_servers_that_the_plugin | |
jenkins | view26_test-reporting_plugin | |
jenkins | walti_plugin | |
jenkins | wildfly_deployer_plugin | |
jenkins | worksoft_execution_manager_plugin | |
jenkins_project | jenkins_dotci_plugin | unspecified – 2.40.00 |