Missing Permission Check in Jenkins vRealize Orchestrator Plugin by Jenkins
CVE-2022-34212

5.7MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Vrealize Orchestrator Plugin
Vendor: CVE Published:; 23 June 2022

Summary

The vRealize Orchestrator Plugin for Jenkins has a security issue that arises from a missing permission check. This vulnerability could allow an attacker with Overall/Read permission to exploit the system by sending an unauthorized HTTP POST request to a specified URL. Such an attack compromises the intended access controls, potentially leading to exposure of sensitive data or manipulation of Jenkins operations. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Jenkins vRealize Orchestrator Plugin <= 3.0

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 21, 2022