CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Jenkins Security Advisory 2022-05-17

unknownCVE-2022-30945CVE-2022-30946CVE-2022-30947CVE-2022-30948CVE-2022-30949CVE-2022-30950
Affects plugin: Application Detector Affects plugin: Autocomplete Parameter Affects plugin: Blue Ocean Affects plugin: Git Affects plugin: GitLab Affects plugin: Global Variable String Parameter Affects plugin: JDK Parameter Affects plugin: Mercurial Affects plugin: Multiselect parameter Affects plugin: Pipeline SCM API for Blue Ocean Affects plugin: Pipeline: Groovy Affects plugin: Promoted Builds (Simple) Affects plugin: Random String Parameter Affects plugin: REPO Affects plugin: Rundeck Affects plugin: Script Security Affects plugin: Selection tasks Affects plugin: SSH Affects plugin: Storable Configs Affects plugin: vboxwrapper Affects plugin: windows-slaves

Details

Source
Jenkins Security Advisories (INTL · vendor-psirt · site)
Severity
unknown
Published
2022-05-17
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.jenkins.io/security/advisory/2022-05-17/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2022-30945coverage & exploitation statusNVD · CVE.org
CVE-2022-30946coverage & exploitation statusNVD · CVE.org
CVE-2022-30947coverage & exploitation statusNVD · CVE.org
CVE-2022-30948coverage & exploitation statusNVD · CVE.org
CVE-2022-30949coverage & exploitation statusNVD · CVE.org
CVE-2022-30950coverage & exploitation statusNVD · CVE.org
CVE-2022-30951coverage & exploitation statusNVD · CVE.org
CVE-2022-30952coverage & exploitation statusNVD · CVE.org
CVE-2022-30953coverage & exploitation statusNVD · CVE.org
CVE-2022-30954coverage & exploitation statusNVD · CVE.org
CVE-2022-30955coverage & exploitation statusNVD · CVE.org
CVE-2022-30956coverage & exploitation statusNVD · CVE.org
CVE-2022-30957coverage & exploitation statusNVD · CVE.org
CVE-2022-30958coverage & exploitation statusNVD · CVE.org
CVE-2022-30959coverage & exploitation statusNVD · CVE.org
CVE-2022-30960coverage & exploitation statusNVD · CVE.org
CVE-2022-30961coverage & exploitation statusNVD · CVE.org
CVE-2022-30962coverage & exploitation statusNVD · CVE.org
CVE-2022-30963coverage & exploitation statusNVD · CVE.org
CVE-2022-30964coverage & exploitation statusNVD · CVE.org
CVE-2022-30965coverage & exploitation statusNVD · CVE.org
CVE-2022-30966coverage & exploitation statusNVD · CVE.org
CVE-2022-30967coverage & exploitation statusNVD · CVE.org
CVE-2022-30968coverage & exploitation statusNVD · CVE.org
CVE-2017-2601coverage & exploitation statusNVD · CVE.org
CVE-2022-30969coverage & exploitation statusNVD · CVE.org
CVE-2022-30970coverage & exploitation statusNVD · CVE.org
CVE-2022-30971coverage & exploitation statusNVD · CVE.org
CVE-2022-30972coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Jenkins Security Advisories