CVE-2022-45383

Published: Nov 15, 2022

Modified: Apr 30, 2025

PUBLISHED

Description

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

Vendor	Product	Versions
Jenkins project	Jenkins Support Core Plugin	affected `unspecified - <= 1206.v14049fa_b_d860` unaffected `1201.1203.v828b_ef272669`

References

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804

[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-45383

Description

Affected Products

References