CVE-2022-45379

EPSS 0.08%
Published 15.11.2022 20:15:11
Last modified 21.11.2024 07:29:08
Source jenkinsci-cert@googlegroups.co
Teams watchlist Login
Open Login

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Script Security SwPlatformjenkins Version < 1190.v65867a_a_47126

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.247

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.openwall.com/lists/oss-security/2022/11/15/4

Mailing List

https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45379

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45379

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45379

EUVD