Jenkins Git <=4.11.3 - Missing Authorization
ID: CVE-2022-36883
Severity: high
Author: c-sh0
Tags: cve,cve2022,jenkins,plugin,git,intrusive
Description
Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2022-36883

info:
  name: Jenkins Git <=4.11.3 - Missing Authorization
  author: c-sh0
  severity: high
  description: Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive data and unauthorized actions being performed on the Jenkins Git plugin.
  remediation: |
    Upgrade to a fixed version of the Jenkins Git plugin (>=4.11.4) or apply the provided patch to mitigate the vulnerability.
  reference:
    - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883
    - https://nvd.nist.gov/vuln/detail/CVE-2022-36883
    - http://www.openwall.com/lists/oss-security/2022/07/27/1
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-36883
    cwe-id: CWE-862
    epss-score: 0.01328
    epss-percentile: 0.84605
    cpe: cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: jenkins
    product: git
    framework: jenkins
    shodan-query:
      - X-Jenkins
      - x-jenkins
  tags: cve,cve2022,jenkins,plugin,git,intrusive

http:
  - method: GET
    path:
      - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "repository:"
          - SCM API plugin
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ae66bb20dc5c4d5225b0f41cc9755c6c441755e9f854093e138e24d729b7b84e022100a1c9b2a62a1c49f5f28fc67ae1cd09fd6c1593fcfa33e5da7712b0f74eaaecdf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the missing authorization check described above by sending a single unauthenticated GET request to the Git plugin's notifyCommit endpoint and matching on the plugin's response text. It is run with the Nuclei tool:
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-36883.yaml"
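The template's verdict depends on two matchers combined with `matchers-condition: and`: the body must contain both words (`condition: and`) and the status must be 200. The following Python is an added example, not part of the template or of Nuclei, that re-implements exactly that matcher logic offline so the rule can be checked against constructed responses; the `Response` class, the sample bodies and the `randstr` helper are assumptions made for the example and are not captured from a real Jenkins instance.

```python
"""Offline re-implementation of the matcher logic in the CVE-2022-36883
Nuclei template. Added example, not part of the template or of Nuclei:
it evaluates the template's word matcher (condition: and) and status
matcher, joined by matchers-condition: and, against constructed responses.
"""
import secrets
from dataclasses import dataclass

# Values copied from the template's matchers section.
BODY_WORDS = ("repository:", "SCM API plugin")
EXPECTED_STATUS = 200


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: str


def randstr(length: int = 12) -> str:
    """Mirror the template's {{randstr}} placeholder: a random alphanumeric token."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_probe_path(url_token: str, branch_token: str) -> str:
    """Render the template's single request path with the two random tokens."""
    return f"/git/notifyCommit?url={url_token}&branches={branch_token}"


def word_matcher(body: str) -> bool:
    """type: word, part: body, condition: and -> every listed word must appear."""
    return all(word in body for word in BODY_WORDS)


def status_matcher(status: int) -> bool:
    """type: status -> the status code must be one of the listed values."""
    return status == EXPECTED_STATUS


def template_matches(resp: Response) -> bool:
    """matchers-condition: and -> both matchers must pass for a finding."""
    return word_matcher(resp.body) and status_matcher(resp.status)


# Constructed sample responses (assumed bodies, not captured from a server).
SAMPLES = {
    # Endpoint answers an anonymous caller with text carrying both markers.
    "unpatched": Response(200, "No git jobs using repository: xyz and branches: abc\n"
                               "No Git consumers using SCM API plugin for: xyz\n"),
    # Authorization enforced: the informational text never reaches the caller.
    "forbidden": Response(403, "Authentication required"),
    # Only one of the two words present: condition: and must reject it.
    "partial": Response(200, "No git jobs using repository: xyz"),
}


def classify_samples() -> dict:
    """Return the template verdict for every constructed sample."""
    return {name: template_matches(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    print("probe path:", build_probe_path(randstr(), randstr()))
    for name, verdict in classify_samples().items():
        print(f"{name:10s} -> {'MATCH' if verdict else 'no match'}")
```

The `partial` sample is the reason `condition: and` matters: a body that mentions only `repository:` is not enough for a finding, which keeps the rule from firing on unrelated pages that happen to contain one of the words.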