Vulnerability Data

CVE-2022-20616

Track security vulnerabilities

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

Published at
2022-01-12
4 days ago
Modified
2022-01-12
4 days ago
2022
Year
The year of the turtle

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342

CONFIRM:https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342

Read More about itMore info

http://www.openwall.com/lists/oss-security/2022/01/12/6

MLIST:[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-20616"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file."
			},
			{
				"_text": "2022-01-12"
			},
			{
				"_text": "2022-01-12"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-20616"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342"
				},
				"Description": {
					"_text": "CONFIRM:https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342"
				}
			},
			{
				"URL": {
					"_text": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
				},
				"Description": {
					"_text": "MLIST:[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins"
				}
			}
		]
	}
}