CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.9%

CVSS Severity

CVSS v3 Score 5.4

References

http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048

Products affected by CVE-2022-36910

Jenkins » Lucene-Search » Version: N/A

cpe:2.3:a:jenkins:lucene-search:-
Jenkins » Lucene-Search » Version: 370.v62a5f618cd3a

cpe:2.3:a:jenkins:lucene-search:370.v62a5f618cd3a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-36910

Products

Pricing

Contact Us