Jenkins Recipe Plugin Vulnerability Exposes Sensitive Data to Unauthorized Access
CVE-2022-34794
6.5 MEDIUM
Summary
The Jenkins Recipe Plugin, version 1.2 and earlier, is missing permission checks, which allows users with Overall/Read access to send HTTP requests to any URL they specify and have the response parsed as XML. This can potentially expose sensitive information and enable further attacks on the system.
Affected Version(s)
Jenkins Recipe Plugin <= 1.2
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved