Description
Cytrix has detected that the installed version of the Jenkins Git Plugin is vulnerable to Information Exposure.
This version of the Jenkins Git Plugin is missing a permission check.
CVE-2022-36883 is categorized as a ‘Missing Authorization’ vulnerability (CWE-862).
Issues from this category appear when the software does not perform an authorization check when a user attempts to access a resource or to perform an action.
In this case, the missing check allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause those builds to check out an attacker-specified commit.
This could help attackers obtain sensitive information (Information Disclosure).
This vulnerability may also allow attackers to modify system files and information.
Recommendation
To fix CVE-2022-36883, upgrade the version of Jenkins Git Plugin being used to 4.11.4 or higher.
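To verify the recommendation across an instance, the installed Git Plugin version can be compared against the 4.11.4 fix version stated above. The following is an added example (not Cytrix's code and not part of the Jenkins project): it reads the plugin list in the JSON shape returned by the Jenkins Plugin Manager API (`/pluginManager/api/json?depth=1`, which lists each plugin's `shortName` and `version`; the Git Plugin's short name is `git`) and reports whether an upgrade is required. The sample JSON embedded below is constructed for this example; the version-comparison helper is general and handles versions with trailing qualifiers.

```python
"""Check whether the installed Jenkins Git Plugin is below the fixed version.

Added example (not Cytrix's or the Jenkins project's code). It reads the
plugin list in the JSON shape returned by the Jenkins Plugin Manager endpoint
(/pluginManager/api/json?depth=1) and flags the Git Plugin if its version is
lower than 4.11.4, the fix version given in the advisory. The sample JSON
below is constructed for this example.
"""
import json
import re
from typing import Optional

FIXED_VERSION = "4.11.4"          # fix version stated in the advisory
GIT_PLUGIN_SHORT_NAME = "git"     # shortName of the Git Plugin in the Plugin Manager

# Constructed sample of what /pluginManager/api/json?depth=1 returns (trimmed).
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "git-client", "version": "3.11.0", "active": True},
        {"shortName": "git", "version": "4.11.3", "active": True},
        {"shortName": "credentials", "version": "1139.veb_9579fca_33b_", "active": True},
    ]
})


def parse_version(version: str) -> tuple:
    """Turn '4.11.3' or '4.11.4-SNAPSHOT' into a comparable tuple of ints.

    Only the leading numeric components are used; everything from the first
    non-numeric component onwards (qualifiers, hashes) is ignored.
    """
    parts = []
    for piece in re.split(r"[.\-_]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_vulnerable_version(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed version sorts strictly below the fixed version."""
    inst, fix = parse_version(installed), parse_version(fixed)
    # Pad with zeros so that 4.11 compares like 4.11.0
    width = max(len(inst), len(fix))
    inst += (0,) * (width - len(inst))
    fix += (0,) * (width - len(fix))
    return inst < fix


def find_plugin_version(plugin_manager_json: str, short_name: str) -> Optional[str]:
    """Return the version string of the named plugin, or None if it is not installed."""
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == short_name:
            return plugin.get("version")
    return None


def assess(plugin_manager_json: str) -> dict:
    """Summarise whether the Git Plugin is installed and whether it needs upgrading."""
    version = find_plugin_version(plugin_manager_json, GIT_PLUGIN_SHORT_NAME)
    if version is None:
        return {"installed": False, "version": None, "vulnerable": False}
    return {
        "installed": True,
        "version": version,
        "vulnerable": is_vulnerable_version(version),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_PLUGIN_MANAGER_JSON)
    if result["vulnerable"]:
        print(f"Git Plugin {result['version']} is below {FIXED_VERSION}: "
              f"upgrade required (CVE-2022-36883)")
    else:
        print(f"Git Plugin status: {result}")
```

On a live controller, the JSON would be fetched with an authenticated request (for example `curl -u USER:API_TOKEN "$JENKINS_URL/pluginManager/api/json?depth=1"`, where the URL and credentials are placeholders) and passed to `assess()` in place of the constructed sample. The comparison uses only the leading numeric components of the version, which is sufficient to decide whether the installed plugin is older than 4.11.4.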
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36883
https://cwe.mitre.org/data/definitions/200.html
https://cwe.mitre.org/data/definitions/862.html