4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-36892

GHSA ID

GHSA-w8gx-4r6w-3rx9

EPSS Score

0.23415%

CWE

CWE-862

Published

7/28/2022

Updated

1/5/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-36892

CVE-2022-36892: Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A sequence of requests can be used to effectively list workspace contents.

rhnpush-plugin Plugin 0.5.2 requires Item/Workspace permission to validate patterns with workspace contents.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-36892

GHSA ID

GHSA-w8gx-4r6w-3rx9

EPSS Score

0.23415%

CWE

CWE-862

Published

7/28/2022

Updated

1/5/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:rhnpush-plugin	maven	<= 0.5.1	0.5.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing permission checks in form validation methods. The GitHub commit 7827db3 shows a security fix adding 'project.checkPermission(Item.WORKSPACE)' to the doCheckIncludes method. This method handles pattern validation against workspace contents, and the absence of this check in versions ≤0.5.1 allowed unauthorized access. The method's purpose aligns exactly with the vulnerability description of workspace content probing via file pattern validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins r*npus*-plu*in Plu*in *.*.* *n* **rli*r *o*s not p*r*orm * p*rmission ****k in * m*t*o* impl*m*ntin* *orm v*li**tion. T*is *llows *tt**k*rs wit* It*m/R*** p*rmission *ut wit*out It*m/Worksp*** or It*m/*on*i*ur* p*rmission to ****k w**t**r *t

Reasoning

T** vuln*r**ility st*ms *rom missin* p*rmission ****ks in *orm v*li**tion m*t*o*s. T** *it*u* *ommit ******* s*ows * s**urity *ix ***in* `'proj**t.****kP*rmission(It*m.WORKSP***)'` to t** `*o****kIn*lu**s` m*t*o*. T*is m*t*o* **n*l*s p*tt*rn v*li**ti

4.3

Basic Information

Concerned about an active attack path?

CVE-2022-36892: Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI