GHSA-6xhf-xx3j-75f5

Published: 01 Jul 2022
Source: github
GitHub: Reviewed
CVSS3: 4.3

Description

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests.

This is basically the same vulnerability as SECURITY-1995, whose fix was ineffective.

Packages

Name: org.jenkins-ci.plugins:requests (maven)
Affected versions: <= 2.2.16
Fixed version: 2.2.17

EPSS: 0.00617 (Low), percentile: 69%

CVSS3: 4.3 Medium

Weaknesses: CWE-863

Related vulnerabilities

CVSS3: 4.3
Source: nvd
more than 3 years ago

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
