CVE-2022-36900
Multiple vulnerabilities exist in Jenkins. The following plugins are affected: Android Signing Plugin, Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin and rpmsign-plugin Plugin. An attacker can exploit these vulnerabilities to carry out a cross-site scripting or CSRF attack, bypass security measures, disclose information, or manipulate data. Successful exploitation of some of these vulnerabilities requires user interaction or a login.
EPSS 0.39% · 59.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins Jenkins | |
| Red Hat | Red Hat Enterprise Linux | |
Timeline
- Jul 27, 2022 CVE Published
- Jul 28, 2022 EPSS Score
- Sep 12, 2022 EPSS Score
- Oct 28, 2022 EPSS Score
- Dec 13, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- Apr 30, 2023 EPSS Score
- Jun 15, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0852.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0852 advisory
- https://access.redhat.com/errata/RHSA-2023:0017 advisory
- https://access.redhat.com/errata/RHSA-2022:7865 advisory
- https://www.jenkins.io/security/advisory/2022-07-27/ advisory