Jenkins Lucene-Search Plugin Perm Bypass Allows Read-Only Reindex & Job Access
CVE-2022-36910 Published on July 27, 2022

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

NVD

Products Associated with CVE-2022-36910

Want to know whenever a new CVE is published for Jenkins Lucene Search? stack.watch will email you.

Jenkins Lucene Search

Affected Versions

Jenkins project Jenkins Lucene-Search Plugin:

Version unspecified, <= 370.v62a5f618cd3a is affected.
Version next of 370.v62a5f618cd3a and below unspecified is unknown.

Exploit Probability

EPSS

0.29%

Percentile

52.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Lucene-Search Plugin Perm Bypass Allows Read-Only Reindex & Job AccessCVE-2022-36910 Published on July 27, 2022

Products Associated with CVE-2022-36910

Affected Versions

Exploit Probability

Jenkins Lucene-Search Plugin Perm Bypass Allows Read-Only Reindex & Job Access
CVE-2022-36910 Published on July 27, 2022