CVE-2022-36884: Exposure of Sensitive Information to an Unauthorized Actor

July 27, 2022 (updated November 22, 2023)

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.

References

www.openwall.com/lists/oss-security/2022/07/27/1
nvd.nist.gov/vuln/detail/CVE-2022-36884
www.jenkins.io/security/advisory/2022-07-27/

Detect and mitigate CVE-2022-36884 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →