VYPR
Moderate severity · NVD Advisory · Published Jul 27, 2022 · Updated Aug 3, 2024

CVE-2022-36892

Description

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier lacks a permission check in a form validation method, allowing attackers with Item/Read to check file patterns in workspace.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Jenkins rhnpush-plugin Plugin, versions 0.5.1 and earlier, fails to perform a required permission check in the doCheckIncludes form validation method. This method validates file patterns against the workspace contents, so it should require Item/Workspace or Item/Configure permission. Instead, the only requirement is being able to reach the method at all, which any user with Item/Read permission on the job can do [1][3].

Exploitation

An attacker with Item/Read permission can exploit this missing permission check by sending a crafted form validation request to the doCheckIncludes endpoint. The attacker can specify arbitrary file patterns and determine whether they match files in the workspace, even without having direct workspace access [1]. No additional authentication is required beyond the attacker's existing permissions.

Impact

This vulnerability allows attackers to infer the existence of files or directories in the workspace of a Jenkins job, potentially leaking sensitive information such as configuration files or other data stored in the workspace. The check is binary (match or no match), so it can be used to brute-force file names or validate guesses [3].

Mitigation

The issue is fixed in rhnpush-plugin version 0.5.2, which adds the missing Item.WORKSPACE permission check [4]. Users should update to this version or later. No workarounds are available. The plugin does not appear on the CISA KEV list [2].
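The pattern described in the sections above, as an added example that is not the plugin's own code: a form validation method in the shape of doCheckIncludes, first in the vulnerable form (any caller who can reach the job page gets a match/no-match answer about the workspace) and then in the hardened form, which enforces Item/Workspace before touching the workspace and tolerates being reached outside a job context. The class name, package and method name doCheckIncludesVulnerable are assumptions for illustration; FilePath.validateFileMask, AbstractProject.getSomeWorkspace and Item.WORKSPACE are standard Jenkins core APIs.

```java
package example; // hypothetical package, not part of rhnpush-plugin

import hudson.FilePath;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.util.FormValidation;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

import java.io.IOException;

public class IncludesValidationExample {

    /**
     * VULNERABLE shape (illustrates CVE-2022-36892, constructed example).
     * Stapler exposes doCheck* methods as form validation endpoints. Nothing
     * here checks permissions, so the only gate is reaching the job page,
     * i.e. Item/Read. The OK / error answer reveals whether files matching
     * the pattern exist in the workspace.
     */
    public FormValidation doCheckIncludesVulnerable(@AncestorInPath AbstractProject<?, ?> project,
                                                    @QueryParameter String value)
            throws IOException, InterruptedException {
        FilePath workspace = project.getWorkspace();
        if (workspace == null) {
            throw new IllegalStateException("Could not get a workspace.");
        }
        return FilePath.validateFileMask(workspace, value);
    }

    /**
     * HARDENED: require Item/Workspace before any workspace access, and treat
     * a missing ancestor (method reached outside a job context) or a job that
     * has never built as "nothing to validate" instead of throwing.
     */
    public FormValidation doCheckIncludes(@AncestorInPath AbstractProject<?, ?> project,
                                          @QueryParameter String value)
            throws IOException, InterruptedException {
        if (project == null) {
            return FormValidation.ok();
        }
        // Throws AccessDeniedException for callers lacking Item/Workspace,
        // so no workspace lookup happens for them at all.
        project.checkPermission(Item.WORKSPACE);

        FilePath workspace = project.getSomeWorkspace();
        if (workspace == null) {
            return FormValidation.ok(); // no workspace yet; nothing to check against
        }
        // Jenkins core helper: validates an Ant-style file mask against the
        // given workspace and returns ok() or an error FormValidation.
        return FilePath.validateFileMask(workspace, value);
    }
}
```

The ordering matters: the check must come before getWorkspace()/getSomeWorkspace(), because the permission is what authorizes looking at the workspace in the first place. The null guard on project is the usual Jenkins idiom for @AncestorInPath parameters and avoids turning an unauthorized or mis-routed request into a stack trace.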

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                 Affected versions   Patched versions
org.jenkins-ci.plugins:rhnpush-plugin   < 0.5.2             0.5.2
(Maven)

Affected products

2

Patches

1
7827db39925d

SECURITY-2402

https://github.com/jenkinsci/rhnpush-plugin · Marco Tizzoni · Jul 18, 2022 · via ghsa
1 file changed · +2 −0
  • src/main/java/jenkins/plugins/rhnpush/RhnPush.java  +2 −0  modified
    @@ -7,6 +7,7 @@
     import hudson.model.AbstractBuild;
     import hudson.model.AbstractProject;
     import hudson.model.BuildListener;
    +import hudson.model.Item;
     import hudson.model.Result;
     import hudson.tasks.BuildStepDescriptor;
     import hudson.tasks.BuildStepMonitor;
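Review bot: the added `import hudson.model.Item;` keeps the alphabetical order of the existing hudson.model imports and is used only by the `Item.WORKSPACE` reference in the next hunk; nothing to change here.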
    @@ -297,6 +298,7 @@ public FormValidation doCheckChannels(@AncestorInPath AbstractProject project, @
     
         public FormValidation doCheckIncludes(@AncestorInPath AbstractProject project, @QueryParameter String value) throws IOException, InterruptedException {
           FilePath workspace = project.getWorkspace();
    +      project.checkPermission(Item.WORKSPACE);
           if (workspace == null) {
             throw new IllegalStateException("Could not get a workspace.");
           }
    
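Review bot: the new `project.checkPermission(Item.WORKSPACE);` in doCheckIncludes is placed after `FilePath workspace = project.getWorkspace();`, so the workspace lookup still runs for unauthorized callers before they are rejected; make the permission check the first statement of the method. Both lines also dereference `project` without a null guard, and an @AncestorInPath parameter is null when the endpoint is reached outside a job context, so consider `if (project == null) return FormValidation.ok();` ahead of the check. The hunk header shows a sibling `doCheckChannels` method on the same descriptor; confirm it either does not touch the workspace or receives the same check.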

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
