CVE-2022-36883

Summary

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Git Pluginunspecified <= 4.11.3affected
Jenkins projectJenkins Git Plugin4.9.3unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References