CVE-2022-30949medium
Description
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
References
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478
Details
Source: MITRE
Published: 2022-05-17
Updated: 2022-05-26
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM