CVE-2022-34175

Name: CVE-2022-34175

Description: Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.

NVD Severity: medium

References

| Type | URI |
|---|---|
| CONFIRM | https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* | jenkins | >= 2.335 | <= 2.355 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| jenkins | edge-community | 2.346.2-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| jenkins | 3.16-community | 2.346.2-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |