Description
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
A flaw was found in the Jenkins Git server Plugin, involving inadequate permission validation for reading Git repositories over SSH. Through the manipulation of crafted requests, a malicious actor can attain unauthorized read access to a Git repository over SSH. Subsequently, they could utilize this access to orchestrate additional attacks against the compromised system.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
Jenkins Git server Plugin does not perform a permission check
5.3 Medium
CVSS3