CVE-2022-30949 — MEDIUM (5.3)

Q: How severe is CVE-2022-30949?

CVE-2022-30949 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30949?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Repo.

Vulnerability Description

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Repo	< 1.15.0

References

http://www.openwall.com/lists/oss-security/2022/05/17/8Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/05/17/8Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478Vendor Advisory

FAQ

What is CVE-2022-30949?

CVE-2022-30949 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obt...

How severe is CVE-2022-30949?

CVE-2022-30949 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30949?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Repo.