Jenkins Security Advisory 2022-04-12
Affects plugin: Credentials Affects plugin: CVS Affects plugin: Extended Choice Parameter Affects plugin: Gerrit Trigger Affects plugin: Git Parameter Affects plugin: Google Compute Engine Affects plugin: Jira Affects plugin: Job Generator Affects plugin: Mask Passwords Affects plugin: Node and Label parameter Affects plugin: Pipeline: Deprecated Groovy Libraries Affects plugin: promoted builds Affects plugin: Publish Over FTP Affects plugin: Subversion
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-04-12/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2022-29036EPSS puts this in the most-targeted tier (78.5% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Low exploitation riskCVE-2022-290370.66% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2022-290380.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2022-290390.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2022-290400.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2022-290410.83% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 53% of all scored CVEs.
- Low exploitation riskCVE-2022-290420.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2022-290430.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2022-290440.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2022-290450.78% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownJenkins Security Advisory 2022-10-19jenkins
- unknownJenkins Security Advisory 2022-06-30jenkins
- unknownJenkins Security Advisory 2022-06-22jenkins
- unknownJenkins Security Advisory 2022-05-17jenkins
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18