Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-wwf6-x2rv-vxqh

GitHub Security Advisory

Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected Packages

Maven com.checkmarx.jenkins:checkmarx
Affected versions: 0 (fixed in 2022.1.3)

Related CVEs

CVE-2022-25201

Key Information

GHSA ID
GHSA-wwf6-x2rv-vxqh
Published
February 16, 2022 12:01 AM
Last Modified
December 1, 2022 10:23 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
com.checkmarx.jenkins:checkmarx
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.