Vulnerabilities > CVE-2022-36915 - Missing Authorization vulnerability in Jenkins Android Signing 2.2.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |