Script Security Vulnerability in Jenkins Plugin by Jenkins
CVE-2022-45379

7.5HIGH

Key Information:

Vendor

Jenkins
Status
Jenkins Script Security Plugin
Vendor
CVE Published:
15 November 2022

What is CVE-2022-45379?

The Jenkins Script Security Plugin prior to version 1189.vb_a_b_7c8fd5fde is susceptible to security risks due to the storage method of script approvals. It utilizes the SHA-1 hash of the whole-script approvals, which opens the door to potential collision attacks, enabling malicious actors to craft scripts capable of bypassing security measures. Organizations using this plugin should ensure they update to the latest version to mitigate these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Script Security Plugin <= 1189.vb_a_b_7c8fd5fde

Jenkins Script Security Plugin 1175.1179.vea_f7532629e1

References

https://www.jenkins.io/security/advisory/2022-11-15/#SECU...
http://www.openwall.com/lists/oss-security/2022/11/15/4
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.