CVE-2022-30948 vulnerability in Jenkins Products
Published on May 17, 2022

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

NVD

Products Associated with CVE-2022-30948

Want to know whenever a new CVE is published for Jenkins products? stack.watch will email you.

Jenkins Repo

Jenkins Git

Jenkins Mercurial

Affected Versions

Jenkins project Jenkins Mercurial Plugin:

Version unspecified, <= 2.16 is affected.
Version 2.15.1 is unaffected.

Exploit Probability

EPSS

3.26%

Percentile

86.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-30948 vulnerability in Jenkins ProductsPublished on May 17, 2022

Products Associated with CVE-2022-30948

Affected Versions

Exploit Probability

CVE-2022-30948 vulnerability in Jenkins Products
Published on May 17, 2022