Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-30947

Good to know:

icon

Date: May 17, 2022

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Language: Java

Severity Score

Related Resources (8)

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://github.com/jenkinsci/git-plugin/commit/b295606e0b865c298fde27bea14f9b7535a976e6
https://nvd.nist.gov/vuln/detail/CVE-2022-30947
https://github.com/jenkinsci/git-plugin
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478
https://github.com/jenkinsci/repo-plugin/commit/3c8e6236b1088fc138a1a3e6af5ebbcb8b616f2f
https://github.com/jenkinsci/mercurial-plugin/commit/55904fbb8c9d3e0b36fc26330374904cb68e8758
https://www.mend.io/vulnerability-database/CVE-2022-30947

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:git:4.11.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us