Vulnerabilities > CVE-2022-30949 - Unspecified vulnerability in Jenkins Repo 1.14.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

NVD

Published: 2022-05-17

Updated: 2023-12-21

Summary

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Repo - Jenkins Repo 1.14.0	2

References

http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478