CVE-2022-36883

HIGH NUCLEI

Jenkins Git < 4.11.3 - Missing Authorization

Title source: rule

Description

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

Exploits (3)

nomisec NO CODE
by superjimmygou · poc
https://github.com/superjimmygou/CVE-2022-36883
gitlab STUB
by minhquan202 · poc
https://gitlab.com/minhquan202/cve-2022-36883

Nuclei Templates (1)

Jenkins Git <=4.11.3 - Missing Authorization
HIGH · VERIFIED · by c-sh0
Shodan: X-Jenkins || x-jenkins

Scores

CVSS v3 7.5
EPSS 0.7858
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-862
Status published
Products (2)
jenkins/git < 4.11.3
org.jenkins-ci.plugins/git 0 - 4.11.4 (Maven)
Published Jul 27, 2022
Tracked Since Feb 18, 2026