CVE-2022-41238

Summary

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins DotCi Pluginunspecified <= 2.40.00affected
Jenkins projectJenkins DotCi Pluginnext of 2.40.00 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References