Lucene search
HistoryJul 27, 2022 - 3:15 p.m.
CVE-2022-36912
cve-2022-36912
jenkins
openstack heat plugin
permission check
security vulnerability
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.3%
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Affected configurations
Node
jenkinsopenstack_heatRange≤1.5jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:openstack_heat | jenkins openstack heat | le | 1.5 |
CNA Affected
[
{
"product": "Jenkins Openstack Heat Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.5",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-07-27 15:15:00
cvelist
cvelist
CVE-2022-36912
2022-07-27 14:27:18
osv
osv
Missing permission checks in Jenkins openstack-heat Plugin
2022-07-28 00:00:42
github
github
Missing permission checks in Jenkins openstack-heat Plugin
2022-07-28 00:00:42
nvd
nvd
CVE-2022-36912
2022-07-27 15:15:10
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.3%
Related for CVE-2022-36912