GHSA-m8w5-vwq3-gp8f

GitHub Security Advisory

Lucene-Search Plugin does not perform permission checks in several HTTP endpoints

✓ GitHub Reviewed | MODERATE | Has CVE

Advisory Details

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Affected Packages

Maven org.jenkins-ci.plugins:lucene-search
Affected versions: 0 (fixed in 387.v938a)

Related CVEs

Key Information

GHSA ID: GHSA-m8w5-vwq3-gp8f
Published: July 28, 2022 12:00 AM
Last Modified: January 3, 2024 1:59 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:lucene-search
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.