CVE-2022-29048 — Vulnetix

CVE-2022-29048 PUBLISHED CVSS 8.699999809265137 HIGH

Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.

EPSS 0.20% · 41.8th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.20%

41.8th percentile

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins Jenkins
Apple	Apple macOS Catalina <2022-005
Red Hat	Red Hat Enterprise Linux
Apple	Apple macOS Monterey <12.5
Apple	Apple macOS Big Sur <11.6.8

Timeline

Apr 12, 2022 CVE Published
Apr 13, 2022 EPSS Score
Jun 2, 2022 EPSS Score
Jul 5, 2022 PoC Published
Jul 7, 2022 PoC Published
Jul 23, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Dec 21, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 31, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0265.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0265 advisory
https://access.redhat.com/errata/RHSA-2023:1064 advisory
https://access.redhat.com/errata/RHSA-2022:2280 advisory
https://access.redhat.com/errata/RHSA-2022:2205 advisory
https://access.redhat.com/errata/RHSA-2022:4947 advisory
https://access.redhat.com/errata/RHSA-2022:4909 advisory
https://www.jenkins.io/security/advisory/2022-04-12/ advisory
https://access.redhat.com/errata/RHSA-2022:2281 advisory
https://access.redhat.com/errata/RHSA-2023:0017 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0778.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0778 advisory
https://support.apple.com/en-us/HT213343 advisory
https://support.apple.com/en-us/HT213344 advisory
https://support.apple.com/en-us/HT213345 advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit

Open in Interactive Console →