CVE-2022-30947 : Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories st

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Published 2022-05-17 15:15:09

Updated 2024-01-09 03:20:23

Source Jenkins Project

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-30947

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-30947

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2022-30947

http://www.openwall.com/lists/oss-security/2022/05/17/8

oss-security - Multiple vulnerabilities in Jenkins plugins
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478

Jenkins Security Advisory 2022-05-17
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-30947

Jenkins » GIT » For Jenkins
Versions before (<) 4.11.2
cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
Matching versions

Vulnerability Details : CVE-2022-30947

Exploit prediction scoring system (EPSS) score for CVE-2022-30947

CVSS scores for CVE-2022-30947

References for CVE-2022-30947

Products affected by CVE-2022-30947