.. / CVE-2022-36883

Exploit for Jenkins Git <=4.11.3 - Missing Authorization (CVE-2022-36883)

Description:

Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.

Nuclei Template

View the template here CVE-2022-36883.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-36883.yaml
Copy

References:

https://github.com/StarCrossPortal/scalpel
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883
https://nvd.nist.gov/vuln/detail/CVE-2022-36883
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284