CVE-2022-41230

Summary

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Build-Publisher Pluginunspecified <= 1.22affected
Jenkins projectJenkins Build-Publisher Pluginnext of 1.22 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References