Jenkins Security Advisory 2022-09-21
Affects Jenkins Core Affects plugin: Anchore Container Image Scanner Affects plugin: Apprenda Affects plugin: BigPanda Notifier Affects plugin: BMC AMI Common Configuration Affects plugin: build-publisher Affects plugin: CONS3RT Affects plugin: DotCi Affects plugin: extreme-feedback Affects plugin: NS-ND Integration Performance Publisher Affects plugin: RQM Affects plugin: Rundeck Affects plugin: SCM HttpClient Affects plugin: Security Inspector Affects plugin: SmallTest Affects plugin: View26 Test-Reporting Affects plugin: Walti Affects plugin: WildFly Deployer Affects plugin: Worksoft Execution Manager
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-09-21/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2022-412240.89% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 55% of all scored CVEs.
- Low exploitation riskCVE-2022-412250.60% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2022-412260.79% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2022-412270.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-412280.83% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 53% of all scored CVEs.
- Low exploitation riskCVE-2022-412290.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-412300.52% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 40% of all scored CVEs.
- Moderate exploitation riskCVE-2022-412311.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 65% of all scored CVEs.
- Low exploitation riskCVE-2022-412320.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-412330.52% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 40% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18