CVE-2022-45379

EPSS 0.32%
Veröffentlicht 15.11.2022 20:15:11
Zuletzt bearbeitet 21.11.2024 07:29:08
Quelle jenkinsci-cert@googlegroups.co
CVE-Watchlists
Login
Unerledigt
Login

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Script Security SwPlatformjenkins Version < 1190.v65867a_a_47126

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.545

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.openwall.com/lists/oss-security/2022/11/15/4

Mailing List

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45379

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45379

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45379

EUVD