Main Vulnerability Database Vulnerabilities #VU68590

Security features bypass in XFramium Builder - CVE-2022-43432

Published: October 24, 2022

Vulnerability identifier: #VU68590

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-43432

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
XFramium Builder

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to bypass security features.

The vulnerability exists due to the affected plugin programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. A remote attacker can bypass implemented security restrictions and elevate privileges on the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Security features bypass in XFramium Builder - CVE-2022-43432

Description

Remediation

External links

Please verify you're human