Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-45383

CVE-2022-45383

November 15, 2022

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

Affected Packages

org.jenkins-ci.plugins:support-core (JAVA):

Affected version(s) >=1.0 <1206.1208.v9b_7a_1d48db_0f

Fix Suggestion:

Update to version 1206.1208.v9b_7a_1d48db_0f

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2022-45383

https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b

https://github.com/jenkinsci/support-core-plugin

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804

http://www.openwall.com/lists/oss-security/2022/11/15/4

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Incorrect Authorization

CWE-863

EPSS

Base Score:

0.75

Products

Solutions

Resources

Company

Compare

Developer Tools