Jenkins Security Advisory 2022-06-22
Affects Jenkins Core Affects plugin: Agent Server Parameter Affects plugin: Beaker builder Affects plugin: Convertigo Mobile Platform Affects plugin: CRX Content Package Deployer Affects plugin: Date Parameter Affects plugin: Dynamic Extended Choice Parameter Affects plugin: EasyQA Affects plugin: Embeddable Build Status Affects plugin: Filesystem List Parameter Affects plugin: Hidden Parameter Affects plugin: Image Tag Parameter Affects plugin: Jianliao Notification Affects plugin: JUnit Affects plugin: Maven Metadata Plugin for Jenkins CI server Affects plugin: Nested View Affects plugin: NS-ND Integration Performance Publisher Affects plugin: ontrack Jenkins Affects plugin: Package Version Affects plugin: Pipeline: Input Step Affects plugin: Readonly Parameter Affects plugin: Repository Connector Affects plugin: REST List Parameter Affects plugin: Sauce OnDemand Affects plugin: Squash TM Publisher (Squash4Jenkins) Affects plugin: Stash Branch Parameter Affects plugin: ThreadFix Affects plugin: vRealize Orchestrator Affects plugin: xUnit
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-06-22/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2022-341701.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341711.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341721.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341731.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341741.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 65% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341751.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 67% of all scored CVEs.
- Exploitation likely imminentCVE-2022-34176EPSS puts this in the most-targeted tier (77.0% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341771.5% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 71% of all scored CVEs.
- Low exploitation riskCVE-2022-341780.91% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 56% of all scored CVEs.
- Moderate exploitation riskCVE-2022-341791.6% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 73% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownJenkins Security Advisory 2022-10-19jenkins
- unknownJenkins Security Advisory 2022-06-30jenkins
- unknownJenkins Security Advisory 2022-05-17jenkins
- unknownJenkins Security Advisory 2022-04-12jenkins
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18