CVE-2022-45379

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Published: Nov 15, 2022
Updated: Oct 26, 2023
CVE: CVE-2022-45379
GHSA: GHSA-fv42-mx39-6fpw
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-326
CWE-328

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
jenkins / script_security	-	1190.v65867a_a_47126
org.jenkins-ci.plugins / script-security	-	1190.v65867a_a_47126

http://www.openwall.com/lists/oss-security/2022/11/15/4
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564

Vulnerability Database

289,599

CVE-2022-45379