Описание
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
Ссылки
- Mailing List
- Vendor Advisory
- Mailing List
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 114.v068a_c7cc2574 (включая)
cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 21%
0.0007
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 5.3
redhat
почти 2 года назад
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
CVSS3: 5.3
github
почти 2 года назад
Jenkins Git server Plugin does not perform a permission check
EPSS
Процентиль: 21%
0.0007
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269