Vulnerability in Jenkins Project Git Plugin

CVE-2022-36883

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified comm…

EPSS: 0.813 (99.2nd percentile)

Frequently asked questions

What is CVE-2022-36883?
CVE-2022-36883 is a vulnerability in Jenkins Project Git Plugin. It was published on 2022-07-27.

Is CVE-2022-36883 known to be exploited?
12 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.