csaf_certbund - wid-sec-w-2022-2056

wid-sec-w-2022-2056

Vulnerability from csaf_certbund

Published

2022-11-15 23:00

Modified

2023-02-22 23:00

Summary

Jenkins: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.

Angriff

Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Jenkins Plugins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer, authentisierter oder lokaler  Angreifer kann mehrere Schwachstellen in verschiedenen Jenkins Plugins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- UNIX\n- Linux\n- Windows\n- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2022-2056 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2056.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2022-2056 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2056",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2023:0777 vom 2023-02-23",
            url: "https://access.redhat.com/errata/RHSA-2023:0777",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
            url: "https://access.redhat.com/errata/RHSA-2023:0560",
         },
         {
            category: "external",
            summary: "Jenkins Security Advisory 2022-11-15  vom 2022-11-15",
            url: "https://www.jenkins.io/security/advisory/2022-11-15/",
         },
      ],
      source_lang: "en-US",
      title: "Jenkins: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-02-22T23:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:38:03.993+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2022-2056",
         initial_release_date: "2022-11-15T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2022-11-15T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2023-02-08T23:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2023-02-22T23:00:00.000+00:00",
               number: "3",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Jenkins Jenkins Plugins",
                  product: {
                     name: "Jenkins Jenkins Plugins",
                     product_id: "T013614",
                     product_identification_helper: {
                        cpe: "cpe:/a:cloudbees:jenkins:plugins",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Jenkins",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Red Hat Enterprise Linux",
                  product: {
                     name: "Red Hat Enterprise Linux",
                     product_id: "67646",
                     product_identification_helper: {
                        cpe: "cpe:/o:redhat:enterprise_linux:-",
                     },
                  },
               },
               {
                  category: "product_name",
                  name: "Red Hat OpenShift container platform 4.0.51",
                  product: {
                     name: "Red Hat OpenShift container platform 4.0.51",
                     product_id: "T026183",
                     product_identification_helper: {
                        cpe: "cpe:/a:redhat:openshift:container_platform_4.0.51",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-33980",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-33980",
      },
      {
         cve: "CVE-2022-38666",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-38666",
      },
      {
         cve: "CVE-2022-45379",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45379",
      },
      {
         cve: "CVE-2022-45380",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45380",
      },
      {
         cve: "CVE-2022-45381",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45381",
      },
      {
         cve: "CVE-2022-45382",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45382",
      },
      {
         cve: "CVE-2022-45383",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45383",
      },
      {
         cve: "CVE-2022-45384",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45384",
      },
      {
         cve: "CVE-2022-45385",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45385",
      },
      {
         cve: "CVE-2022-45386",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45386",
      },
      {
         cve: "CVE-2022-45387",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45387",
      },
      {
         cve: "CVE-2022-45388",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45388",
      },
      {
         cve: "CVE-2022-45389",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45389",
      },
      {
         cve: "CVE-2022-45390",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45390",
      },
      {
         cve: "CVE-2022-45391",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45391",
      },
      {
         cve: "CVE-2022-45392",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45392",
      },
      {
         cve: "CVE-2022-45393",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45393",
      },
      {
         cve: "CVE-2022-45394",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45394",
      },
      {
         cve: "CVE-2022-45395",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45395",
      },
      {
         cve: "CVE-2022-45396",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45396",
      },
      {
         cve: "CVE-2022-45397",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45397",
      },
      {
         cve: "CVE-2022-45398",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45398",
      },
      {
         cve: "CVE-2022-45399",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45399",
      },
      {
         cve: "CVE-2022-45400",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45400",
      },
      {
         cve: "CVE-2022-45401",
         notes: [
            {
               category: "description",
               text: "In Jenkins existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Associated Files Plugin, BART Plugin, CCCC Plugin, CloudBees Docker Hub/Registry Notification Plugin, Cluster Statistics Plugin, Config Rotator Plugin, Delete log Plugin, JAPEX Plugin, JUnit Plugin, loader. io Plugin, Naginator Plugin, NS-ND Integration Performance Publisher Plugin, NS-ND Integration Performance Publisher Plugin, OSF Builder Suite :: XML Linter Plugin, Pipeline Utility Steps Plugin, Pipeline Utility Steps Plugin, Reverse Proxy Auth Plugin, Script Security Plugin, SourceMonitor Plugin, Support Core Plugin, Violations Plugin und XP-Dev Plugin aufgrund mehrfacher willkürlicher Dateilesevorgänge, falscher Berechtigungsprüfungen, unsachgemäßer Authentisierungsprüfungen, im Klartext gespeicherter Passwörter und mehrerer XXE- und CSRF-Angriffe. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Sicherheitslücken erfordert eine Benutzerinteraktion.",
            },
         ],
         product_status: {
            known_affected: [
               "T026183",
               "67646",
               "T013614",
            ],
         },
         release_date: "2022-11-15T23:00:00.000+00:00",
         title: "CVE-2022-45401",
      },
   ],
}

cve-2022-45391

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%281%29
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins NS-ND Integration Performance Publisher Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%281%29",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins NS-ND Integration Performance Publisher Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "4.8.0.143",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:22.206Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%281%29",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45391",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.989Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45397

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins OSF Builder Suite : : XML Linter Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.039Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins OSF Builder Suite : : XML Linter Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:29.291Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45397",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.039Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45389

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins XP-Dev Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins XP-Dev Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:19.887Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45389",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.996Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45398

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Cluster Statistics Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Cluster Statistics Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.4.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.4.6",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:30.476Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45398",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45393

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Delete log Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.019Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Delete log Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:24.548Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45393",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.019Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-38666

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 11:02

Severity ?

Summary

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins NS-ND Integration Performance Publisher Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T11:02:14.637Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins NS-ND Integration Performance Publisher Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "4.8.0.146",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 4.8.0.146",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:24:47.718Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-38666",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-08-22T00:00:00",
      dateUpdated: "2024-08-03T11:02:14.637Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45382

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2946
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Naginator Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.136Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2946",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Naginator Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.18.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:11.698Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2946",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45382",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.136Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45388

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2842
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Config Rotator Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2842",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Config Rotator Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "2.0.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 2.0.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:18.724Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2842",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45388",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45400

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2941
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins JAPEX Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.035Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2941",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins JAPEX Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.7",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:32.937Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2941",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45400",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.035Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45379

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Script Security Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.037Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Script Security Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1189.vb_a_b_7c8fd5fde",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "unaffected",
                     version: "1175.1179.vea_f7532629e1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:08.195Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45379",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.037Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45401

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Associated Files Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.038Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Associated Files Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.2.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.2.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:34.124Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45401",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.038Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45387

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2802
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins BART Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.013Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2802",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins BART Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0.3",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:17.581Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2802",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45387",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.013Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45399

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Cluster Statistics Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Cluster Statistics Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.4.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.4.6",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:31.667Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45399",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.989Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45381

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Pipeline Utility Steps Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.000Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Pipeline Utility Steps Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "2.13.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:10.547Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45381",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45384

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Reverse Proxy Auth Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.960Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Reverse Proxy Auth Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:14.042Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45384",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.960Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45386

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-766
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Violations Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.022Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-766",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Violations Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.7.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.7.11",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:16.421Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-766",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45386",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.022Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45396

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins SourceMonitor Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.046Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins SourceMonitor Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:28.094Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45396",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.046Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45395

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins CCCC Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins CCCC Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "0.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 0.6",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:26.864Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45395",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45390

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins loader.io Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins loader.io Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0.1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:21.061Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45390",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.990Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45383

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Support Core Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.984Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Support Core Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1206.v14049fa_b_d860",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "unaffected",
                     version: "1201.1203.v828b_ef272669",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:12.893Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45383",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.984Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45380

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins JUnit Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.037Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins JUnit Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1159.v0b_396e1e07dd",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "unaffected",
                     version: "1143.1145.v81b_b_9579a_019",
                  },
                  {
                     status: "unaffected",
                     version: "1119.1122.v750e65d31b_db_",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:09.402Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45380",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.037Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-33980

Vulnerability from cvelistv5

Published

2022-07-06 00:00

Modified

2024-08-03 08:16

Severity ?

Summary

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.

References

▼	URL	Tags
	https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
	http://www.openwall.com/lists/oss-security/2022/07/06/5	mailing-list
	https://security.netapp.com/advisory/ntap-20221028-0015/
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list
	https://www.debian.org/security/2022/dsa-5290	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Commons Configuration	Version: Apache Commons Configuration < 2.8.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T08:16:16.672Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s",
               },
               {
                  name: "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/07/06/5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0015/",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
               {
                  name: "DSA-5290",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5290",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Commons Configuration",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     changes: [
                        {
                           at: "2.4",
                           status: "affected",
                        },
                     ],
                     lessThan: "2.8.0",
                     status: "affected",
                     version: "Apache Commons Configuration",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     other: "Moderate",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insecure interpolation defaults",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-28T00:00:00",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               url: "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s",
            },
            {
               name: "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/07/06/5",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0015/",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
            {
               name: "DSA-5290",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5290",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Apache Commons Configuration insecure interpolation defaults",
         workarounds: [
            {
               lang: "en",
               value: "Upgrade to version Apache Commons Configuration 2.8.0",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2022-33980",
      datePublished: "2022-07-06T00:00:00",
      dateReserved: "2022-06-18T00:00:00",
      dateUpdated: "2024-08-03T08:16:16.672Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45385

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2843
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins CloudBees Docker Hub/Registry Notification Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.000Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2843",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins CloudBees Docker Hub/Registry Notification Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "2.6.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "unaffected",
                     version: "2.6.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:15.221Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2843",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45385",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45392

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins NS-ND Integration Performance Publisher Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:57.064Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins NS-ND Integration Performance Publisher Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "4.8.0.143",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:23.376Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45392",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:57.064Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-45394

Vulnerability from cvelistv5

Published

2022-11-15 00:00

Modified

2024-08-03 14:09

Severity ?

Summary

A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920
	http://www.openwall.com/lists/oss-security/2022/11/15/4	mailing-list

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Delete log Plugin	Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:09:56.993Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
               },
               {
                  name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Jenkins Delete log Plugin",
               vendor: "Jenkins project",
               versions: [
                  {
                     lessThanOrEqual: "1.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unknown",
                     version: "next of 1.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-24T14:26:25.700Z",
            orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            shortName: "jenkins",
         },
         references: [
            {
               url: "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
            },
            {
               name: "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/15/4",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
      assignerShortName: "jenkins",
      cveId: "CVE-2022-45394",
      datePublished: "2022-11-15T00:00:00",
      dateReserved: "2022-11-14T00:00:00",
      dateUpdated: "2024-08-03T14:09:56.993Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature