Permission Check Flaw in Jenkins Autonomiq Plugin by Jenkins
CVE-2022-25195

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Autonomiq Plugin
Vendor: CVE Published:; 15 February 2022

Summary

A vulnerability exists in the Jenkins Autonomiq Plugin versions 1.15 and earlier due to a missing permission check. Attackers who have Overall/Read permissions can leverage this flaw to connect to arbitrary URLs using compromised credentials. This major security gap could lead to unauthorized access and potential exploitation if not addressed promptly. It is essential for users and administrators to take necessary actions to mitigate risks associated with this vulnerability.

Affected Version(s)

Jenkins autonomiq Plugin <= 1.15

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Feb 15, 2022