CVE-2022-30947 — HIGH (7.5)

Q: How severe is CVE-2022-30947?

CVE-2022-30947 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30947?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Git.

Vulnerability Description

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Git	< 4.11.2

References

http://www.openwall.com/lists/oss-security/2022/05/17/8Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/05/17/8Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478Vendor Advisory

FAQ

What is CVE-2022-30947?

CVE-2022-30947 is a vulnerability with a CVSS score of 7.5 (HIGH). Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obta...

How severe is CVE-2022-30947?

CVE-2022-30947 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30947?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Git.