CVE-2022-25208

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25208

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25208.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25208

Aliases

GHSA-fq56-c7rj-j3j9

Published

2022-02-15T17:15:11Z

Modified

2024-09-03T04:12:12.632002Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

References

Affected packages

Git / github.com/jenkinsci/sinatra-chef-builder-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/sinatra-chef-builder-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d582972aa0ae51f00b8fa5a449b44a9f2d1f100e

Affected versions

sinatra-chef-builder-1.*

sinatra-chef-builder-1.10

sinatra-chef-builder-1.11

sinatra-chef-builder-1.12

sinatra-chef-builder-1.13

sinatra-chef-builder-1.14

sinatra-chef-builder-1.15

sinatra-chef-builder-1.17

sinatra-chef-builder-1.18

sinatra-chef-builder-1.2

sinatra-chef-builder-1.20

sinatra-chef-builder-1.3

sinatra-chef-builder-1.4

sinatra-chef-builder-1.5

sinatra-chef-builder-1.6

sinatra-chef-builder-1.7

sinatra-chef-builder-1.8

sinatra-chef-builder-1.9