CVE-2022-45379 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-45379

CVE-2022-45379

November 15, 2022

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Affected Packages

org.jenkins-ci.plugins:script-security (JAVA):

Affected version(s) >=1.0-beta-1 <1190.v65867a_a_47126

Fix Suggestion:

Update to version 1190.v65867a_a_47126

Related Resources (5)

http://www.openwall.com/lists/oss-security/2022/11/15/4

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564

https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66

https://github.com/jenkinsci/script-security-plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-45379

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Use of Weak Hash

CWE-328

Inadequate Encryption Strength

CWE-326

EPSS

Base Score:

0.32

Products

Solutions

Resources

Company

Compare

Developer Tools