Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-43434 |
CWE-ID | CWE-693 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | NeuVector Vulnerability Scanner (Jenkins plugin) |
Category | Web applications / Modules and components for CMS |
Vendor | Jenkins |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU68592
Risk: Medium
CVSSv3.1: 8.1 (temporal score; the base score for this vector is 8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-43434
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because the affected plugin programmatically disables the Content-Security-Policy protection that Jenkins applies to user-generated content it offers for download (files in workspaces, archived artifacts, etc.). With that header removed, a remote user who can place files in a workspace or artifact directory (for example through job configuration permission) can have Jenkins serve attacker-controlled HTML and JavaScript from its own origin, which is exactly what the restriction is meant to prevent. Because the setting applies to every file Jenkins serves this way, the weakening is instance-wide rather than limited to the plugin's own output.
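The practical question for an operator is whether their Jenkins instance is still sending its default Content-Security-Policy header on files served from workspaces and archived artifacts. The following is an added example (not code from the Jenkins project, the NeuVector plugin, or this bulletin's authors) that classifies the header on such a response. It assumes the default value documented by Jenkins for these files (`sandbox; default-src 'none'; img-src 'self'; style-src 'self';`) and the standard workspace URL layout `/job/<job>/ws/<path>`; the sample header sets at the bottom are constructed, not captured from a real server.

```python
"""Classify the Content-Security-Policy header Jenkins sends on files it serves
from workspaces / archived artifacts, to detect whether that protection has been
disabled (as the plugin in this bulletin does programmatically).

Added example, not part of Jenkins or the NeuVector plugin. Assumptions:
 - JENKINS_DEFAULT_CSP is the default value documented by the Jenkins project
 - workspace files live under /job/<job>/ws/<path> (standard Jenkins URL layout)
"""
import sys
import urllib.request
from base64 import b64encode

JENKINS_DEFAULT_CSP = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"


def parse_csp(value):
    """Parse a CSP header value into {directive: [source, ...]}.
    A directive with no sources (e.g. 'sandbox') maps to an empty list."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if not tokens:          # skip empty segments, e.g. after the trailing ';'
            continue
        policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_status(headers):
    """Classify the CSP on a served file. `headers` is a mapping of header
    names (matched case-insensitively) to values. Returns:
      'missing' - no CSP header at all, which is what disabling it produces
      'weak'    - header present but without 'sandbox' or default-src 'none'
      'default' - Jenkins' documented default (or an equivalent policy)
    """
    value = None
    for name, val in headers.items():
        if name.lower() == "content-security-policy":
            value = val
    if value is None or not value.strip():
        return "missing"
    policy = parse_csp(value)
    if "sandbox" not in policy:
        return "weak"
    if policy.get("default-src") != ["'none'"]:
        return "weak"
    return "default"


def check_url(url, user=None, token=None):
    """Live check: fetch a workspace/artifact file URL and classify its CSP.
    `user`/`token` are an optional Jenkins user and API token (basic auth)."""
    req = urllib.request.Request(url, method="GET")
    if user and token:
        cred = b64encode(f"{user}:{token}".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return csp_status(dict(resp.headers.items()))


# Constructed sample responses (not captured from a real Jenkins server).
HARDENED = {"Content-Type": "text/html", "Content-Security-Policy": JENKINS_DEFAULT_CSP}
DISABLED = {"Content-Type": "text/html"}  # header absent: protection disabled
LOOSENED = {"Content-Security-Policy": "default-src 'self'; script-src 'self'"}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # usage: python csp_check.py https://jenkins.example/job/<job>/ws/index.html [user token]
        print(check_url(sys.argv[1], *sys.argv[2:4]))
    else:
        for label, hdrs in (("hardened", HARDENED), ("disabled", DISABLED), ("loosened", LOOSENED)):
            print(f"{label}: {csp_status(hdrs)}")
```

Run it against an HTML file you have committed into a job's workspace; a result of `missing` or `weak` means any user who can write to a workspace or artifact directory can get script served from the Jenkins origin, regardless of which plugin removed the header.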
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
NeuVector Vulnerability Scanner: 1.20 and earlier
External links
http://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865
http://www.openwall.com/lists/oss-security/2022/10/19/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.