Jenkins Security Advisory 2022-02-15
Affects plugin: Agent Server Parameter Affects plugin: autonomiq Affects plugin: Checkmarx Affects plugin: Conjur Secrets Affects plugin: Convertigo Mobile Platform Affects plugin: Custom Checkbox Parameter Affects plugin: dbCharts Affects plugin: Doktor Affects plugin: Fortify Affects plugin: Generic Webhook Trigger Affects plugin: GitLab Authentication Affects plugin: HashiCorp Vault Affects plugin: Pipeline: Build Step Affects plugin: Pipeline: Deprecated Groovy Libraries Affects plugin: Pipeline: Groovy Affects plugin: Pipeline: Multibranch Affects plugin: Promoted Builds (Simple) Affects plugin: SCP publisher Affects plugin: Chef Sinatra Affects plugin: Snow Commander Affects plugin: Support Core Affects plugin: SWAMP Affects plugin: Team Views
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-02-15/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2022-251731.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 70% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251741.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 70% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251751.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 69% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251761.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 75% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251771.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 75% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251781.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 74% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251791.8% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 76% of all scored CVEs.
- Low exploitation riskCVE-2022-251800.53% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 41% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251811.6% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 73% of all scored CVEs.
- Moderate exploitation riskCVE-2022-251821.6% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 73% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18