CVE-2022-30949
Description
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.83
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2022-30949 is fixed in Jenkins - repo 1.14.1 | Windows |
| Vulnerabilities CVE-2022-30949, CVE-2022-30947 are fixed in Jenkins - git 4.11.2 | Windows |
| Vulnerability CVE-2022-30949 is fixed in Jenkins - repo for Linux 1.14.1 | Linux |
| Vulnerabilities CVE-2022-30949, CVE-2022-30947 are fixed in Jenkins - git for Linux 4.11.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234