CVE-2022-45379
published 2022-11-15CVE-2022-45379: Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | associated_files_plugin | — | — |
| jenkins | bart_plugin | — | — |
| jenkins | cccc_plugin | — | — |
| jenkins | cluster_statistics_plugin | — | — |
| jenkins | config_rotator_plugin | — | — |
| jenkins | delete_log_plugin | — | — |
| jenkins | japex_plugin | — | — |
| jenkins | junit_plugin | — | — |
| jenkins | naginator_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | registry_notification_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | script_security | < 1190.v65867a_a_47126 | 1190.v65867a_a_47126 |
| jenkins | script_security_plugin | — | — |
| jenkins | sourcemonitor_plugin | — | — |
| jenkins | support_core_plugin | — | — |
| jenkins | urls_in_the_plugin | — | — |
| jenkins | violations_plugin | — | — |
| jenkins | xml_linter_plugin | — | — |
| jenkins | xp-dev_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | unspecified – 1189.vb_a_b_7c8fd5fde | — |