Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-4r39-f4rh-j6q8

GitHub Security Advisory

Missing permission check in Jenkins Gerrit Trigger Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.

Affected Packages

Maven com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Affected versions: 0 (fixed in 2.30.2)

Related CVEs

CVE-2019-16552

Key Information

GHSA ID
GHSA-4r39-f4rh-j6q8
Published
May 24, 2022 5:03 PM
Last Modified
November 1, 2022 10:48 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.