ID CVE-2022-41233
Summary Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.11:*:*:*:*:jenkins:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 22-09-2022 - 15:48
Published 21-09-2022 - 16:15
Last modified 22-09-2022 - 15:48
Back to Top