CVE-2022-45383

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-45383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45383
Aliases
Published
2022-11-15T20:15:11.730Z
Modified
2026-04-12T03:22:23.071465Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

References

Affected packages

Git / github.com/jenkinsci/support-core-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/support-core-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9b7a1d48db0fdfb840ca3393e9462e687e69385b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1206.1208.v9b_7a_1d48db_0f"
        }
    ]
}

Affected versions

1124.*
1124.vb_16439f088b_4
1130.*
1130.vb_eef6015fc37
1140.*
1140.vb_b_3b_7d866b_a_8
1148.*
1148.vedff8cb_56a_da_
1158.*
1158.v9189f64fec8c
1162.*
1162.vb_b_e5198c6b_22
1172.*
1172.va_1fcf85806d0
1174.*
1174.vc46f6b_04d894
1195.*
1195.v20a_701e8897e
1201.*
1201.v8d1f54a_6ec7c
1204.*
1204.v7ee88742a_53f
1206.*
1206.v14049fa_b_d860
support-core-1.*
support-core-1.0
support-core-1.1
support-core-1.2
support-core-1.3
support-core-1.4
support-core-1.5
support-core-1.6
support-core-1.7
support-core-1.8
support-core-2.*
support-core-2.0
support-core-2.1
support-core-2.10
support-core-2.11
support-core-2.12
support-core-2.13
support-core-2.14
support-core-2.15
support-core-2.16
support-core-2.17
support-core-2.18
support-core-2.19
support-core-2.2
support-core-2.20
support-core-2.21
support-core-2.22
support-core-2.23
support-core-2.24
support-core-2.25
support-core-2.27
support-core-2.28
support-core-2.29
support-core-2.3
support-core-2.30
support-core-2.31
support-core-2.32
support-core-2.33
support-core-2.34
support-core-2.35
support-core-2.36
support-core-2.37
support-core-2.38
support-core-2.39
support-core-2.4
support-core-2.40
support-core-2.41
support-core-2.42
support-core-2.43
support-core-2.44
support-core-2.45
support-core-2.45.1
support-core-2.46
support-core-2.47
support-core-2.48
support-core-2.49
support-core-2.5
support-core-2.50
support-core-2.51
support-core-2.52
support-core-2.53
support-core-2.54
support-core-2.55
support-core-2.56
support-core-2.57
support-core-2.58
support-core-2.59
support-core-2.6
support-core-2.60
support-core-2.61
support-core-2.62
support-core-2.63
support-core-2.63-alpha
support-core-2.64
support-core-2.65
support-core-2.66
support-core-2.67
support-core-2.68
support-core-2.69
support-core-2.7
support-core-2.70
support-core-2.71
support-core-2.72
support-core-2.73
support-core-2.74
support-core-2.75
support-core-2.76
support-core-2.77
support-core-2.78
support-core-2.79
support-core-2.8
support-core-2.80
support-core-2.81
support-core-2.9

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "file": "src/test/java/com/cloudbees/jenkins/support/SupportActionTest.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-01bd6aad",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "104483073693456177066109938925216498686",
                "336836711370268126306402232405132760659",
                "165260758011893146382937562548366217394",
                "66060796664023225318753605878902030302"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "function": "getTarget",
            "file": "src/main/java/com/cloudbees/jenkins/support/SupportAction.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-33739a03",
        "signature_type": "Function",
        "digest": {
            "length": 90.0,
            "function_hash": "177699259719854405812483175144198246928"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "file": "src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-643755cb",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "9232348173681057872725717984153627024",
                "164118384775383547898354033579143559453",
                "190848995085566345735773691203324044790"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "file": "src/main/java/com/cloudbees/jenkins/support/SupportAction.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-6cd38f52",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "184031825937425159391630163286571495691",
                "324600363158614502089472989892742878990",
                "191662285163417766952729967410772750010",
                "68415309627846802530404581906853150673",
                "299655602491076560228113005566579345218",
                "164171145959959844856738004836372485999",
                "73061823490578169499954395521777029238",
                "114043650130897100845543965078375518301"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "function": "run",
            "file": "src/main/java/com/cloudbees/jenkins/support/SupportCommand.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-d94ca34a",
        "signature_type": "Function",
        "digest": {
            "length": 1251.0,
            "function_hash": "55768873027299202138265451140490654260"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "file": "src/main/java/com/cloudbees/jenkins/support/SupportCommand.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-e04915ae",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "322763129365600462149425820068939403417",
                "199483780730559384191687664305145609919",
                "241595549676398038470650981867232877464",
                "190372426663965885845525159661454337821"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b",
        "target": {
            "function": "deleteExistingBundleWithoutPermissionWillFail",
            "file": "src/test/java/com/cloudbees/jenkins/support/SupportActionTest.java"
        },
        "deprecated": false,
        "id": "CVE-2022-45383-e2433e7e",
        "signature_type": "Function",
        "digest": {
            "length": 428.0,
            "function_hash": "139705978724134781656125372194212312764"
        }
    }
]
vanir_signatures_modified 
"2026-04-12T03:22:23Z"
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45383.json"