Jenkins Security Advisory 2022-06-30
Affects plugin: Build Notifications Affects plugin: build-metrics Affects plugin: Cisco Spark Affects plugin: Deployment Dashboard Affects plugin: Elasticsearch Query Affects plugin: eXtreme Feedback Panel Affects plugin: Failed Job Deactivator Affects plugin: GitLab Affects plugin: hpe-network-virtualization Affects plugin: Jigomerge Affects plugin: Matrix Reloaded Affects plugin: OpsGenie Affects plugin: Plot Affects plugin: Project Inheritance Affects plugin: Recipe Affects plugin: Request Rename Or Delete Affects plugin: requests-plugin Affects plugin: Rich Text Publisher Affects plugin: RocketChat Notifier Affects plugin: RQM Affects plugin: Skype notifier Affects plugin: TestNG Results Affects plugin: Validating Email Parameter Affects plugin: XebiaLabs XL Release Affects plugin: XPath Configuration Viewer
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-06-30/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2022-34777EPSS puts this in the most-targeted tier (72.4% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
- Low exploitation riskCVE-2022-347780.57% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 43% of all scored CVEs.
- Low exploitation riskCVE-2022-347790.52% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 41% of all scored CVEs.
- Low exploitation riskCVE-2022-347800.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-347810.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2022-347820.52% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 40% of all scored CVEs.
- Exploitation likely imminentCVE-2022-34783EPSS puts this in the most-targeted tier (80.4% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Low exploitation riskCVE-2022-347840.71% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 49% of all scored CVEs.
- Low exploitation riskCVE-2022-347850.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2022-347860.57% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 43% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownJenkins Security Advisory 2022-10-19jenkins
- unknownJenkins Security Advisory 2022-06-22jenkins
- unknownJenkins Security Advisory 2022-05-17jenkins
- unknownJenkins Security Advisory 2022-04-12jenkins
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18