ID CVE-2022-25201
Summary Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:checkmarx:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:7.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.1.0-1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.1.0-2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.41.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.42.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.50.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.60.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.60.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.70.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.80.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.80.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.90.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.90.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:8.90.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2020.2.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2020.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2020.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2020.4.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.2.94:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.2.96:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2021.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:checkmarx:2022.1.2:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 03-11-2023 - 16:22)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 03-11-2023 - 16:22
Published 15-02-2022 - 17:15
Last modified 03-11-2023 - 16:22