Jenkins Security Advisory 2022-11-15
Affects plugin: Associated Files Affects plugin: BART Affects plugin: CCCC Affects plugin: CloudBees Docker Hub/Registry Notification Affects plugin: Cluster Statistics Affects plugin: Config Rotator Affects plugin: Delete log Affects plugin: JAPEX Affects plugin: JUnit Affects plugin: loader.io Affects plugin: Naginator Affects plugin: NS-ND Integration Performance Publisher Affects plugin: OSF Builder Suite : : XML Linter Affects plugin: Pipeline Utility Steps Affects plugin: Reverse Proxy Auth Affects plugin: Script Security Affects plugin: SourceMonitor Affects plugin: Support Core Affects plugin: Violations Affects plugin: XP-Dev
Details
Original advisory: https://www.jenkins.io/security/advisory/2022-11-15/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2022-453790.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2022-453800.62% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Elevated exploitation riskCVE-2022-3398042.6% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 99% of all scored CVEs.
- Moderate exploitation riskCVE-2022-453811.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Low exploitation riskCVE-2022-453820.59% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2022-453830.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2022-453840.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2022-453850.57% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 43% of all scored CVEs.
- Low exploitation riskCVE-2022-453920.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2022-453910.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18