Vulnerabilities > CVE-2022-20614 - Missing Authorization vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

oracle

CWE-862

NVD

Published: 2022-01-12

Updated: 2023-11-22

Summary

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Mailer 391.Ve4A_38C1B_Cf4B_ Jenkins Mailer 1.1 Jenkins Mailer 1.2 Jenkins Mailer 1.3 Jenkins Mailer 1.4 Jenkins Mailer 1.5 Jenkins Mailer 1.6 Jenkins Mailer 1.7 Jenkins Mailer 1.8 Jenkins Mailer 1.10 Jenkins Mailer 1.11 Jenkins Mailer 1.12 Jenkins Mailer 1.13 Jenkins Mailer 1.14 Jenkins Mailer 1.15 Jenkins Mailer 1.16 Jenkins Mailer 1.17 Jenkins Mailer 1.18 Jenkins Mailer 1.19 Jenkins Mailer 1.20 Jenkins Mailer 1.21 Jenkins Mailer 1.22 Jenkins Mailer 1.23 Jenkins Mailer 1.24 Jenkins Mailer 1.25 Jenkins Mailer 1.26 Jenkins Mailer 1.27 Jenkins Mailer 1.28 Jenkins Mailer 1.29 Jenkins Mailer 1.29.1 Jenkins Mailer 1.30 Jenkins Mailer 1.31 Jenkins Mailer 1.31.1 Jenkins Mailer 1.32 Jenkins Mailer 1.32.1 Jenkins Mailer 1.33 Jenkins Mailer 1.34	40
Application	Oracle Oracle Communications Cloud Native Core Automated Test Suite 1.9.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References