CVE-2022-27203

Description

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.

Related CPE's

ajenkinsextended_choice_parameter*****jenkins**

References

https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1351

Vendor Advisory

[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

LOW

BaseScore

6.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

4

VectorString

AV:N/AC:L/Au:S/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io