Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2022-20616

Published: 12/01/2022 Updated: 22/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Jenkins Credentials Binding Plugin 1.27 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins credentials binding

Vendor Advisories

Red Hat: CVE-2022-20616
Jenkins Credentials Binding Plugin 127 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file ...

Mailing Lists

Full Disclosure: Multiple vulnerabilities in Jenkins and Jenkins plugins
Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software The following releases contain fixes for security vulnerabilities: * Jenkins 2330 * Jenkins LTS 23192 * Active Directory Plugin 2251 * Badge Plugin 191 * Bitbucket Branch Source Plugin 746v350d2781c184 ...

References

CWE-862https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342http://www.openwall.com/lists/oss-security/2022/01/12/6https://nvd.nist.govhttp://seclists.org/oss-sec/2022/q1/31https://access.redhat.com/security/cve/cve-2022-20616
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080log injectionCVE-2024-6041CVE-2024-37661XML external entityCVE-2024-0845privilege escalationCVE-2023-37057CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook