CVE-2022-36883 – Jenkins Plugin Information Exposure

Description

Kayran has detected that the version of the Jenkins Git Plugin in use is vulnerable to Information Exposure.
This version of the Jenkins Git Plugin is missing a permission check.

CVE-2022-36883 is categorized as a ‘Missing Authorization’ vulnerability (CWE-862).
Issues in this category arise when the software does not perform an authorization check when a user attempts to access a resource or to perform an action.

Because of the missing check, attackers can trigger builds of jobs configured to use an attacker-specified Git repository and cause those builds to check out an attacker-specified commit.

This could assist attackers in obtaining sensitive information (Information Disclosure).
This vulnerability may also allow attackers to modify system files and information.

Recommendation

To fix CVE-2022-36883, upgrade the Jenkins Git Plugin to version 4.11.4 or higher.
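A defender's version check for this recommendation, written as an added example (it is not Kayran's scanner code or the Jenkins project's code). It assumes the standard Jenkins plugin-manager JSON endpoint (`/pluginManager/api/json?depth=1`, queried with an account permitted to read the plugin manager) and embeds a constructed sample response so the comparison runs offline; the fixed version 4.11.4 comes from the advisory above.

```python
"""Check installed Jenkins plugin versions against the fix for CVE-2022-36883.

Added example, not Kayran's or the Jenkins project's code. It assumes the
standard Jenkins endpoint /pluginManager/api/json?depth=1 and uses a constructed
sample response so the logic can be exercised offline.
"""
import base64
import json
import re
from typing import Dict, List, Tuple
from urllib.request import Request, urlopen

# shortName -> first fixed version; the Git Plugin value is from the advisory.
FIXED_VERSIONS: Dict[str, str] = {"git": "4.11.4"}

# Constructed sample of what /pluginManager/api/json?depth=1 returns (trimmed
# to the fields used here). The version strings are made up for the example.
SAMPLE_PLUGIN_LIST = json.dumps({
    "plugins": [
        {"shortName": "git", "longName": "Git plugin", "version": "4.11.3", "active": True},
        {"shortName": "credentials", "longName": "Credentials Plugin",
         "version": "1139.veb_9579fca_33b_", "active": True},
    ]
})


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.11.3' or '4.11.4-1' into a tuple of its leading numeric parts.

    Only the dotted numeric prefix is compared; a build suffix such as '-1'
    is ignored, and an unparsable string sorts below every real version.
    """
    match = re.match(r"(\d+(?:\.\d+)*)", version)
    if not match:
        return (0,)
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def find_vulnerable_plugins(plugin_list_json: str,
                            fixed: Dict[str, str] = FIXED_VERSIONS) -> List[dict]:
    """Return one finding per installed plugin that is below its fixed version."""
    data = json.loads(plugin_list_json)
    findings = []
    for plugin in data.get("plugins", []):
        name = plugin.get("shortName")
        installed = plugin.get("version", "0")
        if name in fixed and is_vulnerable(installed, fixed[name]):
            findings.append({"plugin": name, "installed": installed,
                             "fixed_in": fixed[name]})
    return findings


def fetch_plugin_list(base_url: str, user: str, api_token: str) -> str:
    """Fetch the live plugin list from a Jenkins controller.

    base_url is a placeholder such as 'https://jenkins.example.invalid';
    the account must be allowed to read the plugin manager. Credentials go
    in an HTTP Basic header, the usual way to pass a Jenkins API token.
    """
    request = Request(base_url.rstrip("/") + "/pluginManager/api/json?depth=1")
    credential = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    request.add_header("Authorization", "Basic " + credential)
    with urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in fetch_plugin_list(...)
    # to check a real controller.
    for finding in find_vulnerable_plugins(SAMPLE_PLUGIN_LIST):
        print(f"{finding['plugin']} {finding['installed']} is below the fixed "
              f"version {finding['fixed_in']} (CVE-2022-36883)")
```

The comparison deliberately ignores build suffixes, so 4.11.4-1 is treated as fixed while 4.11 (no patch component) is treated as older than 4.11.4; extend `FIXED_VERSIONS` with other shortName/version pairs to reuse the same check for other plugin advisories.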

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36883

https://cwe.mitre.org/data/definitions/200.html

https://cwe.mitre.org/data/definitions/862.html
