CVE-2022-20616 is a vulnerability in Jenkins Credentials Binding
Published on January 12, 2022
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
Products Associated with CVE-2022-20616
Want to know whenever a new CVE is published for Jenkins Credentials Binding? stack.watch will email you.
Affected Versions
Jenkins project Jenkins Credentials Binding Plugin:- Version unspecified, <= 1.27 is affected.
- Version 1.24.1 is unaffected.
Exploit Probability
EPSS
0.03%
Percentile
7.88%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.