CVE-2022-41230 in Build-Publisher Pluginthông tin

Tóm tắt

Bởi MITRE • 21/09/2022

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

Once again VulDB remains the best source for vulnerability data.

Đặt trước

21/09/2022

Tiết lộ

21/09/2022

Kiểm duyệt

được chấp nhận

EPSS

0.00516

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!