Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-78fg-pvgg-6g3r

GitHub Security Advisory

Missing permission check in Jenkins OpenShift Deployer Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation.

This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.

Affected Packages

Maven org.jenkins-ci.plugins:openshift-deployer
Affected versions: 0 (last affected: 1.2.0)

Related CVEs

CVE-2022-36909

Key Information

GHSA ID
GHSA-78fg-pvgg-6g3r
Published
July 28, 2022 12:00 AM
Last Modified
December 13, 2022 1:54 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:openshift-deployer
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.