Vulnerability-Lookup

CVE-2022-36910 (GCVE-0-2022-36910)

Vulnerability from cvelistv5 – Published: 2022-07-27 14:26 – Updated: 2024-08-03 10:14

Summary

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Severity

No CVSS data available.

Assigner

jenkins

References

2 references

URL	Tags
https://www.jenkins.io/security/advisory/2022-07-…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2022/07/27/1	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Jenkins project	Jenkins Lucene-Search Plugin	Affected: unspecified , ≤ 370.v62a5f618cd3a (custom) Unknown: next of 370.v62a5f618cd3a , < unspecified (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:14:29.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
          },
          {
            "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Lucene-Search Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "370.v62a5f618cd3a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 370.v62a5f618cd3a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T14:24:28.516Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
        },
        {
          "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2022-36910",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins Lucene-Search Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "370.v62a5f618cd3a"
                          },
                          {
                            "version_affected": "?\u003e",
                            "version_value": "370.v62a5f618cd3a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
            },
            {
              "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2022-36910",
    "datePublished": "2022-07-27T14:26:54.000Z",
    "dateReserved": "2022-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:14:29.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-36910",
      "date": "2026-05-28",
      "epss": "0.00292",
      "percentile": "0.52729"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jenkins:lucene-search:*:*:*:*:*:jenkins:*:*\", \"versionEndIncluding\": \"370.v62a5f618cd3a\", \"matchCriteriaId\": \"BF790A02-B350-48B0-8A0D-142DD7BBE1BC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.\"}, {\"lang\": \"es\", \"value\": \"Jenkins Lucene-Search Plugin versiones 370.v62a5f618cd3a y anteriores, no lleva a cabo una comprobaci\\u00f3n de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read reindexar la base de datos y obtener informaci\\u00f3n sobre trabajos que de otro modo ser\\u00edan inaccesibles para ellos\"}]",
      "id": "CVE-2022-36910",
      "lastModified": "2024-11-21T07:14:03.820",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}]}",
      "published": "2022-07-27T15:15:10.277",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/27/1\", \"source\": \"jenkinsci-cert@googlegroups.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048\", \"source\": \"jenkinsci-cert@googlegroups.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/27/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-36910\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2022-07-27T15:15:10.277\",\"lastModified\":\"2024-11-21T07:14:03.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.\"},{\"lang\":\"es\",\"value\":\"Jenkins Lucene-Search Plugin versiones 370.v62a5f618cd3a y anteriores, no lleva a cabo una comprobaci\u00f3n de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read reindexar la base de datos y obtener informaci\u00f3n sobre trabajos que de otro modo ser\u00edan inaccesibles para ellos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:lucene-search:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"370.v62a5f618cd3a\",\"matchCriteriaId\":\"BF790A02-B350-48B0-8A0D-142DD7BBE1BC\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/27/1\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/27/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2022-04842

Vulnerability from fstec - Published: 27.07.2022

Title

Уязвимость плагина Jenkins Lucene-Search Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость плагина Jenkins Lucene-Search Plugin связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vendor

CD Foundation

Software Name

Jenkins Lucene-Search Plugin

Software Version

до 370.v62a5f618cd3a включительно (Jenkins Lucene-Search Plugin)

Possible Mitigations

Организационные меры: 1. Ограничить использование программного средства 2. Использование аналогичного программного средства

Reference

http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048

CWE

CWE-862

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "CD Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 370.v62a5f618cd3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Jenkins Lucene-Search Plugin)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b:\n1. \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n2. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.07.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.08.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.08.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04842",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-36910",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Jenkins Lucene-Search Plugin",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Jenkins Lucene-Search Plugin, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CWE-862)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Jenkins Lucene-Search Plugin \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2022/07/27/1\nhttps://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-862",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}

FKIE_CVE-2022-36910

Vulnerability from fkie_nvd - Published: 2022-07-27 15:15 - Updated: 2024-11-21 07:14

Severity

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
jenkinsci-cert@googlegroups.com	http://www.openwall.com/lists/oss-security/2022/07/27/1	Mailing List, Third Party Advisory
jenkinsci-cert@googlegroups.com	https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/07/27/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048	Vendor Advisory

Impacted products

	Vendor	Product	Version
	jenkins	lucene-search	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:lucene-search:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BF790A02-B350-48B0-8A0D-142DD7BBE1BC",
              "versionEndIncluding": "370.v62a5f618cd3a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them."
    },
    {
      "lang": "es",
      "value": "Jenkins Lucene-Search Plugin versiones 370.v62a5f618cd3a y anteriores, no lleva a cabo una comprobaci\u00f3n de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read reindexar la base de datos y obtener informaci\u00f3n sobre trabajos que de otro modo ser\u00edan inaccesibles para ellos"
    }
  ],
  "id": "CVE-2022-36910",
  "lastModified": "2024-11-21T07:14:03.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-27T15:15:10.277",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M8W5-VWQ3-GP8F

Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2024-01-03 13:59

Summary

Lucene-Search Plugin does not perform permission checks in several HTTP endpoints

Details

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 370.v62a5f618cd3a"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:lucene-search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "387.v938a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-11T14:36:39Z",
    "nvd_published_at": "2022-07-27T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints.\n\nThis allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.\n",
  "id": "GHSA-m8w5-vwq3-gp8f",
  "modified": "2024-01-03T13:59:13Z",
  "published": "2022-07-28T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36910"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/lucene-search-plugin/commit/b56e0aba81a355356d20824e81038e9720bc7e2e"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Lucene-Search Plugin does not perform permission checks in several HTTP endpoints"
}

GSD-2022-36910

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-36910

Aliases

CVE-2022-36910

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-36910",
    "description": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.",
    "id": "GSD-2022-36910"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-36910"
      ],
      "details": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.",
      "id": "GSD-2022-36910",
      "modified": "2023-12-13T01:19:21.683094Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "jenkinsci-cert@googlegroups.com",
        "ID": "CVE-2022-36910",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jenkins Lucene-Search Plugin",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "versions": [
                              {
                                "lessThanOrEqual": "370.v62a5f618cd3a",
                                "status": "affected",
                                "version": "unspecified",
                                "versionType": "custom"
                              },
                              {
                                "lessThan": "unspecified",
                                "status": "unknown",
                                "version": "next of 370.v62a5f618cd3a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Jenkins project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048",
            "refsource": "MISC",
            "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,370.v62a5f618cd3a]",
          "affected_versions": "All versions up to 370.v62a5f618cd3a",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-862",
            "CWE-937"
          ],
          "date": "2022-08-11",
          "description": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.",
          "fixed_versions": [],
          "identifier": "CVE-2022-36910",
          "identifiers": [
            "GHSA-m8w5-vwq3-gp8f",
            "CVE-2022-36910"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.jenkins-ci.plugins/lucene-search",
          "pubdate": "2022-07-28",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Missing Authorization",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-36910",
            "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048",
            "http://www.openwall.com/lists/oss-security/2022/07/27/1",
            "https://github.com/advisories/GHSA-m8w5-vwq3-gp8f"
          ],
          "uuid": "7a9e6633-6962-4b3f-968f-4e9549a798cd"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jenkins:lucene-search:*:*:*:*:*:jenkins:*:*",
                "cpe_name": [],
                "versionEndIncluding": "370.v62a5f618cd3a",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2022-36910"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048"
            },
            {
              "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2023-11-22T21:09Z",
      "publishedDate": "2022-07-27T15:15Z"
    }
  }
}

WID-SEC-W-2022-0852

Vulnerability from csaf_certbund - Published: 2022-07-27 22:00 - Updated: 2023-01-12 23:00

Summary

Jenkins: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2022-36881

In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36882

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36883

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36884

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36885

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36886

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36887

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36888

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36889

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36891

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36892

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36893

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36894

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36895

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36896

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36897

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36898

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36899

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36900

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36902

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36903

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36904

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36905

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36906

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36907

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36908

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36909

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36910

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36911

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36912

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36913

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36914

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36915

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36916

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36917

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36918

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36919

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36920

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36921

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

CVE-2022-36922

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Jenkins Jenkins Jenkins	`cpe:/a:cloudbees:jenkins:-`	—

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:0017	external
https://access.redhat.com/errata/RHSA-2022:7865	external
https://www.jenkins.io/security/advisory/2022-07-27/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0852 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0852.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0852 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0852"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0017 vom 2023-01-12",
        "url": "https://access.redhat.com/errata/RHSA-2023:0017"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7865 vom 2022-11-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:7865"
      },
      {
        "category": "external",
        "summary": "Jenkins Security Advisory vom 2022-07-27",
        "url": "https://www.jenkins.io/security/advisory/2022-07-27/"
      }
    ],
    "source_lang": "en-US",
    "title": "Jenkins: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-01-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:32:28.990+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0852",
      "initial_release_date": "2022-07-27T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-07-27T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-11-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Jenkins Jenkins",
            "product": {
              "name": "Jenkins Jenkins",
              "product_id": "T015880",
              "product_identification_helper": {
                "cpe": "cpe:/a:cloudbees:jenkins:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Jenkins"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-36881",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36881"
    },
    {
      "cve": "CVE-2022-36882",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36882"
    },
    {
      "cve": "CVE-2022-36883",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36883"
    },
    {
      "cve": "CVE-2022-36884",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36884"
    },
    {
      "cve": "CVE-2022-36885",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36885"
    },
    {
      "cve": "CVE-2022-36886",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36886"
    },
    {
      "cve": "CVE-2022-36887",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36887"
    },
    {
      "cve": "CVE-2022-36888",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36888"
    },
    {
      "cve": "CVE-2022-36889",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36889"
    },
    {
      "cve": "CVE-2022-36890",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36890"
    },
    {
      "cve": "CVE-2022-36891",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36891"
    },
    {
      "cve": "CVE-2022-36892",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36892"
    },
    {
      "cve": "CVE-2022-36893",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36893"
    },
    {
      "cve": "CVE-2022-36894",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36894"
    },
    {
      "cve": "CVE-2022-36895",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36895"
    },
    {
      "cve": "CVE-2022-36896",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36896"
    },
    {
      "cve": "CVE-2022-36897",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36897"
    },
    {
      "cve": "CVE-2022-36898",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36898"
    },
    {
      "cve": "CVE-2022-36899",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36899"
    },
    {
      "cve": "CVE-2022-36900",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36900"
    },
    {
      "cve": "CVE-2022-36901",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36901"
    },
    {
      "cve": "CVE-2022-36902",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36902"
    },
    {
      "cve": "CVE-2022-36903",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36903"
    },
    {
      "cve": "CVE-2022-36904",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36904"
    },
    {
      "cve": "CVE-2022-36905",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36905"
    },
    {
      "cve": "CVE-2022-36906",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36906"
    },
    {
      "cve": "CVE-2022-36907",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36907"
    },
    {
      "cve": "CVE-2022-36908",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36908"
    },
    {
      "cve": "CVE-2022-36909",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36909"
    },
    {
      "cve": "CVE-2022-36910",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36910"
    },
    {
      "cve": "CVE-2022-36911",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36911"
    },
    {
      "cve": "CVE-2022-36912",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36912"
    },
    {
      "cve": "CVE-2022-36913",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36913"
    },
    {
      "cve": "CVE-2022-36914",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36914"
    },
    {
      "cve": "CVE-2022-36915",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36915"
    },
    {
      "cve": "CVE-2022-36916",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36916"
    },
    {
      "cve": "CVE-2022-36917",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36917"
    },
    {
      "cve": "CVE-2022-36918",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36918"
    },
    {
      "cve": "CVE-2022-36919",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36919"
    },
    {
      "cve": "CVE-2022-36920",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36920"
    },
    {
      "cve": "CVE-2022-36921",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36921"
    },
    {
      "cve": "CVE-2022-36922",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen. Betroffen sind folgende Plugins: Android Signing Plugin Buckminster Plugin, CLIF Performance Testing Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Compuware zAdviser API Plugin, Coverity Plugin, Deployer Framework Plugin, Dynamic Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Files Found Trigger Plugin, Git Plugin, Git client Plugin, GitHub Plugin, Google Cloud Backup Plugin, HashiCorp Vault Plugin, HTTP Request Plugin, Job Configuration History Plugin, Lucene-Search Plugin, Maven Metadata Plugin for Jenkins CI server Plugin, OpenShift Deployer Plugin, Openstack Heat Plugin, Repository Connector Plugin, rhnpush-plugin Plugin und rpmsign-plugin Plugin. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren. Zur erfolgreichen Ausnutzung einiger diese Schwachstellen ist eine Benutzeraktion oder Anmeldung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015880"
        ]
      },
      "release_date": "2022-07-27T22:00:00.000+00:00",
      "title": "CVE-2022-36922"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-36910 (GCVE-0-2022-36910)

BDU:2022-04842

FKIE_CVE-2022-36910

GHSA-M8W5-VWQ3-GP8F

GSD-2022-36910

WID-SEC-W-2022-0852

Tags

Sightings

Nomenclature