VYPR
Moderate severity · NVD Advisory · Published Jun 30, 2022 · Updated Aug 3, 2024

CVE-2022-34811

Description

Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier lacks a permission check, allowing attackers with Overall/Read permission to access the XPath Configuration Viewer page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Jenkins XPath Configuration Viewer Plugin up to version 1.1.1 fails to perform a proper permission check when rendering the XPath Configuration Viewer page. This missing authorization allows any user with the Overall/Read permission to view the page, which should require a higher privilege level such as Overall/Administer [1].

An attacker who has already obtained Overall/Read access to a Jenkins instance—a relatively low privilege—can directly navigate to the XPath Configuration Viewer page. No additional authentication or special network position is required beyond being able to access the Jenkins web interface [1][2].

By accessing this page, the attacker can view the XPath configuration settings, which may contain sensitive information about the Jenkins environment or job configurations. This information leakage could aid in further attacks or expose internal details [1].

The vulnerability is fixed in XPath Configuration Viewer Plugin version 1.1.2. Users should upgrade to this version or later. There is no known workaround, and the plugin is not listed on CISA's Known Exploited Vulnerabilities catalog as of the advisory date [1].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.jenkins-ci.plugins:xpath-config-viewer (Maven) | <= 1.1.1 | |

Affected products

2

Patches

0

No patches discovered yet.

References

3
