Main Vulnerability Database Vulnerabilities #VU65922

Missing Authorization in Lucene-Search - CVE-2022-36910

Published: August 2, 2022

Vulnerability identifier: #VU65922

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-36910

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Lucene-Search

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to application does not properly impose security restrictions. A remote user can reindex the database and obtain information about jobs otherwise inaccessible to them.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2048
http://www.openwall.com/lists/oss-security/2022/07/27/1

Missing Authorization in Lucene-Search - CVE-2022-36910

Description

Remediation

External links

Please verify you're human