GHSA-q4mr-j6w9-r2mr

Опубликовано: 01 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Missing Authorization in Jenkins Deployment Dashboard Plugin

Jenkins Deployment Dashboard Plugin version 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:ec2-deployment-dashboard

maven

Затронутые версииВерсия исправления

<= 1.0.10

Отсутствует

EPSS

Процентиль: 71%

0.00668

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-34798

Дефекты

CWE-862

Связанные уязвимости

CVE-2022-34798

CVSS3: 4.3

nvd

больше 3 лет назад

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

EPSS

Процентиль: 71%

0.00668

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-34798

Дефекты

CWE-862