CVE-2022-30954
Summary
| CVE | CVE-2022-30954 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-05-17 15:15:00 UTC |
|---|
| Updated | 2023-11-03 18:22:00 UTC |
|---|
| Description | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Jenkins |
Blue Ocean |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| oss-security - Multiple vulnerabilities in Jenkins plugins |
MLIST |
www.openwall.com |
|
| Jenkins Security Advisory 2022-05-17 |
CONFIRM |
www.jenkins.io |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 241063 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2023:0017)
- 241180 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 241214 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:0777)
- 770171 Red Hat OpenShift Container Platform 4.8. Security Update (RHSA-2023:0017)
- 770173 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 770178 Red Hat OpenShift Container Platform 4.9. Security Update (RHSA-2023:0777)
