CVE-2022-45383

Incorrect Default Permissions in maven/org.jenkins-ci.plugins/support-core

Identifiers

CVE-2022-45383

Package Slug

maven/org.jenkins-ci.plugins/support-core

Vulnerability

Incorrect Default Permissions

Description

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

Affected Versions

All versions before 1206.1208.v9b7a1d48db_0f

Solution

Upgrade to version 1206.1208.v9b7a1d48db_0f or above.

Last Modified

2022-11-21

source