Lucene search

JenkinsCVELIST:CVE-2022-25211

HistoryFeb 15, 2022 - 4:11 p.m.

CVE-2022-25211

2022-02-1516:11:49

jenkins

www.cve.org

jenkins

swamp plugin

permission check

web server

credentials

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials.

CNA Affected

[
  {
    "product": "Jenkins SWAMP Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.2.6",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1988