CVE-2022-36883 – Jenkins Plugin Information Exposure


Kayran has detected that the version of the Jenkins Git Plugin in use is vulnerable to Information Exposure.
This version of the plugin is missing a permission check.

CVE-2022-36883 is categorized as a ‘Missing Authorization’ vulnerability (CWE-862).
Issues from this category appear when the software does not perform an authorization check when a user attempts to access a resource or to perform an action.

The missing check allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

This could help attackers obtain sensitive information (Information Disclosure).
The vulnerability may also allow attackers to modify system files and information.


To fix CVE-2022-36883, upgrade the version of Jenkins Git Plugin being used to 4.11.4 or higher.
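
To confirm whether an instance still needs the upgrade, the following added example (not part of the original page and not Jenkins project code) checks a plugin inventory against the fixed version 4.11.4. It assumes the inventory is kept as `name:version` lines; the function names and the sample inventory are constructed for illustration.

```python
import re

PLUGIN_ID = "git"      # short name of the Jenkins Git Plugin (not "git-client")
FIXED = (4, 11, 4)     # first fixed release, taken from the text above

# Constructed sample inventory; the "name:version" layout is an assumption.
SAMPLE_INVENTORY = """\
# constructed example
git-client:3.11.0
git:4.11.3
"""

def parse_version(text):
    """Split a version into its leading numeric tuple and a suffix flag."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums, bool(m.group(2))

def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for a Git Plugin version."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"                      # e.g. "latest": cannot compare
    nums, has_suffix = parsed
    width = max(len(nums), len(FIXED))
    have = nums + (0,) * (width - len(nums))  # pad so 4.9 compares as 4.9.0
    need = FIXED + (0,) * (width - len(FIXED))
    if have < need:
        return "vulnerable"
    if have == need and has_suffix:
        return "unknown"                      # e.g. 4.11.4-rc1: verify by hand
    return "fixed"

def check_inventory(text):
    """Find the Git Plugin entry and classify it; ignores comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, version = line.split(":", 1)
        if name.strip() == PLUGIN_ID:         # exact match, so git-client is skipped
            return version.strip(), classify(version)
    return None, "not-installed"

if __name__ == "__main__":
    print(check_inventory(SAMPLE_INVENTORY))
```

Versions that cannot be compared cleanly are reported as `unknown` rather than `fixed`, so they get a manual look instead of a false all-clear.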


