Lucene search
HistoryOct 19, 2022 - 4:15 p.m.
CVE-2022-43435
cve-2022-43435
jenkins
fireline plugin
content security policy
vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
33.7%
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Affected configurations
Node
jenkins360_firelineRange≤1.7.2jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:360_fireline | jenkins 360 fireline | le | 1.7.2 |
CNA Affected
[
{
"product": "Jenkins 360 FireLine Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.7.2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
2022-10-19 19:00:18
CVE-2022-43435
2022-10-19 16:15:12
github
github
cvelist
cvelist
CVE-2022-43435
2022-10-19 00:00:00
nvd
nvd
CVE-2022-43435
2022-10-19 16:15:12
prion
prion
Design/Logic Flaw
2022-10-19 16:15:00
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
2023-03-03 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
33.7%
Related for CVE-2022-43435