CVE-2022-36910
Multiple vulnerabilities exist in Jenkins. The following plugins are affected: Android Signing Plugin, Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin and rpmsign-plugin Plugin. An attacker can exploit these vulnerabilities to carry out a cross-site scripting or CSRF attack, bypass security measures, disclose information, or manipulate data. Successful exploitation of some of these vulnerabilities requires user interaction or a login.
EPSS 0.29% · 52.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins Jenkins | |
| Red Hat | Red Hat Enterprise Linux | |
Timeline
- Jul 27, 2022 CVE Published
- Jul 28, 2022 EPSS Score
- Sep 13, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 15, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 18, 2023 EPSS Score
- May 3, 2023 EPSS Score
- Jun 19, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0852.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0852 advisory
- https://access.redhat.com/errata/RHSA-2023:0017 advisory
- https://access.redhat.com/errata/RHSA-2022:7865 advisory
- https://www.jenkins.io/security/advisory/2022-07-27/ advisory