CVE-2022-45379

2022-11-1520:15:11

CWE-326

[email protected]

web.nvd.nist.gov

259

jenkins

script security plugin

cve-2022-45379

nvd

vulnerability

sha-1 hash

collision attacks

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Affected configurations

NVD

Node

jenkinsscript_securityRange<1190.v65867a_a_47126jenkins

CPENameOperatorVersion
jenkins:script_securityjenkins script securitylt1190.v65867a_a_47126

CPE	Name	Operator	Version
jenkins:script_security	jenkins script security	lt	1190.v65867a_a_47126

CNA Affected

[
  {
    "product": "Jenkins Script Security Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1189.vb_a_b_7c8fd5fde",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "1175.1179.vea_f7532629e1"
      }
    ]
  }
]