CVE-2022-45383

CWE-863 — Incorrect Authorization CWE-276 — Incorrect Default Permissions5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.8%

top 26.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Support Core Jenkins Project Jenkins Support Core Plugin

Timeline

PublishedNov 15

Latest updateNov 16

Description

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:support-core< 1206.1208.v9b_7a_1d48db_0f

▶CVEListV5jenkins_project/jenkins_support_core_pluginunspecified — 1206.v14049fa_b_d860

▶NVDjenkins/support_core< 1206.1208.v9b_7a_1d48db_0f

🔴Vulnerability Details

OSV

Incorrect permission checks in Jenkins Support Core Plugin↗2022-11-16

▶

GHSA

Incorrect permission checks in Jenkins Support Core Plugin↗2022-11-16

▶

CVEList

CVE-2022-45383: An incorrect permission check in Jenkins Support Core Plugin 1206↗2022-11-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-11-15↗2022-11-15

▶