Back to search
CVE-2022-36910
Published: Jul 27, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins Lucene-Search Plugin | affected unspecified - <= 370.v62a5f618cd3aunknown next of 370.v62a5f618cd3a - < unspecified |
References
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048
x_refsource_CONFIRM
[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now