CVE-2022-34175

Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
2.335 ≤
𝑥
≤ 2.355
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777