Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-5m4q-x28v-q6wp

Опубликовано: 18 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 4.3

Описание

Missing permission check in Jenkins Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

Ссылки

Пакеты

Наименование

io.jenkins.blueocean:blueocean-parent

maven
Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 56%
0.0034
Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-30954

Дефекты

CWE-862

Связанные уязвимости

redhat логотип

CVE-2022-30954

CVSS3: 6.5
redhat
больше 3 лет назад

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

nvd логотип

CVE-2022-30954

CVSS3: 6.5
nvd
больше 3 лет назад

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

EPSS

Процентиль: 56%
0.0034
Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-30954

Дефекты

CWE-862