QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36915

Published: Jul 27, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

Vendor	Product	Versions
Jenkins project	Jenkins Android Signing Plugin	affected `unspecified - <= 2.2.5` unknown `next of 2.2.5 - < unspecified`

References

https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2404

x_refsource_CONFIRM

[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2022-36915 - Security Vulnerability | QwikSec