XPath Configuration Viewer Plugin Vulnerability in Jenkins
CVE-2022-34813
4.3 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 30 June 2022
Summary
The Jenkins XPath Configuration Viewer Plugin suffers from a vulnerability which allows users with Overall/Read permissions to create and delete XPath expressions without proper authorization. This flaw can lead to unauthorized modifications of sensitive configurations, posing a risk to the integrity of the Jenkins environment. Users are urged to evaluate their use of the affected plugin and apply any necessary updates to mitigate this risk.
Affected Version(s)
Jenkins XPath Configuration Viewer Plugin <= 1.1.1
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved