CVE-2022-45383

Source
https://cve.org/CVERecord?id=CVE-2022-45383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45383
Aliases
Published
2022-11-15T20:15:11.730Z
Modified
2026-07-08T06:01:48.251183969Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

References

Affected packages

Git / github.com/jenkinsci/support-core-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/support-core-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1206.1208.v9b_7a_1d48db_0f"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1124.*
1124.vb_16439f088b_4
1130.*
1130.vb_eef6015fc37
1140.*
1140.vb_b_3b_7d866b_a_8
1148.*
1148.vedff8cb_56a_da_
1158.*
1158.v9189f64fec8c
1162.*
1162.vb_b_e5198c6b_22
1172.*
1172.va_1fcf85806d0
1174.*
1174.vc46f6b_04d894
1195.*
1195.v20a_701e8897e
1201.*
1201.v8d1f54a_6ec7c
1204.*
1204.v7ee88742a_53f
1206.*
1206.v14049fa_b_d860
support-core-1.*
support-core-1.0
support-core-1.1
support-core-1.2
support-core-1.3
support-core-1.4
support-core-1.5
support-core-1.6
support-core-1.7
support-core-1.8
support-core-2.*
support-core-2.0
support-core-2.1
support-core-2.10
support-core-2.11
support-core-2.12
support-core-2.13
support-core-2.14
support-core-2.15
support-core-2.16
support-core-2.17
support-core-2.18
support-core-2.19
support-core-2.2
support-core-2.20
support-core-2.21
support-core-2.22
support-core-2.23
support-core-2.24
support-core-2.25
support-core-2.27
support-core-2.28
support-core-2.29
support-core-2.3
support-core-2.30
support-core-2.31
support-core-2.32
support-core-2.33
support-core-2.34
support-core-2.35
support-core-2.36
support-core-2.37
support-core-2.38
support-core-2.39
support-core-2.4
support-core-2.40
support-core-2.41
support-core-2.42
support-core-2.43
support-core-2.44
support-core-2.45
support-core-2.45.1
support-core-2.46
support-core-2.47
support-core-2.48
support-core-2.49
support-core-2.5
support-core-2.50
support-core-2.51
support-core-2.52
support-core-2.53
support-core-2.54
support-core-2.55
support-core-2.56
support-core-2.57
support-core-2.58
support-core-2.59
support-core-2.6
support-core-2.60
support-core-2.61
support-core-2.62
support-core-2.63
support-core-2.63-alpha
support-core-2.64
support-core-2.65
support-core-2.66
support-core-2.67
support-core-2.68
support-core-2.69
support-core-2.7
support-core-2.70
support-core-2.71
support-core-2.72
support-core-2.73
support-core-2.74
support-core-2.75
support-core-2.76
support-core-2.77
support-core-2.78
support-core-2.79
support-core-2.8
support-core-2.80
support-core-2.81
support-core-2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45383.json"