CVE-2022-34779
First published: Thu Jun 30 2022(Updated: )
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Xebialabs Xl Release | <=22.0.0 | |
| Jenkins Xebialabs Xl Release | <22.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the missing permission check in Jenkins XebiaLabs XL Release Plugin?
The vulnerability ID for the missing permission check in Jenkins XebiaLabs XL Release Plugin is CVE-2022-34779.
What is the severity of CVE-2022-34779?
The severity of CVE-2022-34779 is medium with a severity value of 6.5.
What is the affected software?
The affected software is Jenkins XebiaLabs XL Release Plugin version up to 22.0.0 (inclusive) and up to 22.0.1 (exclusive).
How can an attacker exploit this vulnerability?
An attacker with Overall/Read permission can exploit this vulnerability to enumerate credentials IDs of credentials stored in Jenkins.
Are there any references for CVE-2022-34779?
Yes, you can find references for CVE-2022-34779 at the following links: [link1](https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20(1)), [link2](https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%281%29).
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins xebialabs xl release
- version/jenkins xebialabs xl release/22.0.0