CVE-2022-36883 – Jenkins Plugin Information Exposure

Description

Kayran has detected that the version of the Jenkins Git Plugin in use is vulnerable to Information Exposure.
Versions of the Jenkins Git Plugin before 4.11.4 are missing a permission check on one of the plugin's HTTP endpoints.

CVE-2022-36883 is categorized as a ‘Missing Authorization’ vulnerability (CWE-862).
Issues in this category appear when software does not perform an authorization check before a user is allowed to access a resource or perform an action.

Here the missing check allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause those builds to check out an attacker-specified commit.

Because the affected jobs then build content the attacker chose, this could assist attackers in obtaining sensitive information from the build environment (Information Disclosure).
Depending on what the job's build steps do with the checked-out files, the vulnerability may also allow attackers to modify files and data on the system running the build.

Recommendation

To fix CVE-2022-36883, upgrade the Jenkins Git Plugin to version 4.11.4 or higher. After upgrading, review any jobs that take their repository or commit from a build parameter, since those are the jobs this issue could be used against.
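The following script, added here as an illustration and not part of Kayran's scanner or the Jenkins project, performs the version check behind this finding: it reads the plugin list that Jenkins exposes at /pluginManager/api/json?depth=1 (an endpoint that requires an authenticated account allowed to view the plugin manager) and flags a Git Plugin version below 4.11.4. The JSON embedded below is a constructed sample of that response, and the fetch helper with its URL and credential parameters is an assumption for demonstrating how the check would be run against a live controller.

```python
import base64
import json
import re
import urllib.request
from typing import Optional

# Version in which the missing permission check was fixed (from the advisory).
FIXED_VERSION = "4.11.4"

# Constructed sample of a /pluginManager/api/json?depth=1 response, trimmed to
# the fields this check uses. Not captured from a real server.
SAMPLE_PLUGIN_JSON = json.dumps({
    "plugins": [
        {"shortName": "credentials", "longName": "Credentials Plugin",
         "version": "1139.veb_9579fca_33b_", "active": True},
        {"shortName": "git", "longName": "Jenkins Git plugin",
         "version": "4.11.3", "active": True},
        {"shortName": "git-client", "longName": "Jenkins Git client plugin",
         "version": "3.11.0", "active": True},
    ]
})


def parse_version(version: str) -> tuple:
    """Return the leading dotted integers of a plugin version as a tuple.

    Jenkins plugin versions may carry suffixes such as '-rc1' or use the
    newer '1139.veb_9579fca_33b_' scheme; only the leading numeric components
    are compared and any non-numeric remainder is ignored.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed Git Plugin predates the 4.11.4 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def git_plugin_version(plugin_api_json: str) -> Optional[str]:
    """Extract the Git Plugin version from a plugin manager API response."""
    data = json.loads(plugin_api_json)
    for plugin in data.get("plugins", []):
        # The Git Plugin's shortName is 'git'; 'git-client' is a different plugin.
        if plugin.get("shortName") == "git":
            return plugin.get("version")
    return None


def check_jenkins(plugin_api_json: str) -> dict:
    """Summarise whether the Git Plugin is installed and affected by CVE-2022-36883."""
    version = git_plugin_version(plugin_api_json)
    if version is None:
        return {"installed": False, "version": None, "vulnerable": False}
    return {"installed": True, "version": version,
            "vulnerable": is_vulnerable(version)}


def fetch_plugin_json(base_url: str, user: str, api_token: str) -> str:
    """Fetch the plugin list from a live controller (assumed URL and credentials).

    Jenkins accepts a user API token via HTTP Basic authentication; the account
    must be permitted to view the plugin manager.
    """
    url = base_url.rstrip("/") + "/pluginManager/api/json?depth=1"
    auth = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Run against the constructed sample; swap in fetch_plugin_json(...) for a
    # real controller, e.g. fetch_plugin_json("https://jenkins.example", "user", "token").
    result = check_jenkins(SAMPLE_PLUGIN_JSON)
    status = "VULNERABLE" if result["vulnerable"] else "not affected"
    print(f"Git Plugin {result['version']}: {status} (fixed in {FIXED_VERSION})")
```

A version check is a proxy for the fix being present, not proof of it: a controller that was patched but has not been restarted still reports the old version, and a plugin that is installed but disabled is not reachable through the affected endpoint. Confirm the installed version from the controller itself after the upgrade completes.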

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36883

https://cwe.mitre.org/data/definitions/200.html

https://cwe.mitre.org/data/definitions/862.html
