High severityNVD Advisory· Published Nov 15, 2022· Updated Aug 3, 2024
CVE-2022-45379
CVE-2022-45379
Description
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:script-securityMaven | < 1190.v65867a_a_47126 | 1190.v65867a_a_47126 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fv42-mx39-6fpwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-45379ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/11/15/4ghsamailing-listWEB
- github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66ghsaWEB
- www.jenkins.io/security/advisory/2022-11-15/ghsaWEB
News mentions
1- Jenkins Security Advisory 2022-11-15Jenkins Security Advisories · Nov 15, 2022