cvedb.io
CVE-2022-41230
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2022-09-21T16:15:10.217 · Last modified 2026-06-17T05:02:50.203

Summary

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

Affected products

jenkins — build-publisher

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.