Unauthorized Access in Jenkins Request Rename Or Delete Plugin
CVE-2022-34814
4.3MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 30 June 2022
Summary
The Request Rename Or Delete Plugin for Jenkins versions 1.1.0 and earlier contains a vulnerability where it fails to adequately validate permissions for an HTTP endpoint. This oversight permits users with Overall/Read access to access restricted administrative configuration pages, potentially compromising sensitive information about pending requests.
Affected Version(s)
Jenkins Request Rename Or Delete Plugin <= 1.1.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved