CVE-2022-36913
Description
Jenkins Openstack Heat Plugin 1.5 and earlier lacks permission checks in form validation, allowing attackers with Overall/Read to probe for arbitrary file paths on the controller.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jenkins Openstack Heat Plugin 1.5 and earlier lacks permission checks in form validation, allowing attackers with Overall/Read to probe for arbitrary file paths on the controller.
Vulnerability
Overview
Jenkins Openstack Heat Plugin versions 1.5 and earlier fail to perform permission checks in methods that implement form validation. This flaw allows any authenticated user with the Overall/Read permission to send crafted requests to these endpoints and determine whether a specified file path exists on the Jenkins controller's file system [1][4].
Exploitation
An attacker needs only the Overall/Read permission, which is typically granted to many users in a Jenkins environment. By submitting a form validation request with a target file path, the attacker can observe the response to infer the file's existence. No additional privileges or network position are required beyond access to the Jenkins web interface [1].
Impact
Successful exploitation enables an attacker to map the controller's file system, identifying the presence of sensitive files such as configuration files, credentials, or plugin artifacts. While this does not directly allow file content disclosure, it provides reconnaissance that can be leveraged in further attacks [4].
Mitigation
As of the advisory publication date (2022-07-27), no fixed version of the Openstack Heat Plugin has been announced. Administrators should restrict the Overall/Read permission to trusted users only, or consider removing the plugin if it is not essential. The Jenkins security advisory lists this issue as unresolved [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:openstack-heatMaven | <= 1.5 | — |
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-mr38-g7q2-x79pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36913ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/07/27/1ghsamailing-listx_refsource_MLISTWEB
- www.jenkins.io/security/advisory/2022-07-27/ghsax_refsource_CONFIRMWEB
- www.jenkins.io/security/advisory/2022-07-27/ghsaWEB
News mentions
0No linked articles in our index yet.