ID CVE-2022-28137
Summary A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:jiratestresultreporter:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:1.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:1.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:1.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.8-1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:2.0.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:162.v6b2e861f5398:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:jiratestresultreporter:165.v817928553942:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 17-10-2022 - 19:20)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
Last major update 17-10-2022 - 19:20
Published 29-03-2022 - 13:15
Last modified 17-10-2022 - 19:20