Severity
Medium
Analysis Summary
CVE-2022-45385
Jenkins CloudBees Docker Hub/Registry Notification Plugin could allow a remote attacker to bypass security restrictions, caused by the lack of authentication mechanism for webhook. By sending a specially-crafted request, an attacker could exploit this vulnerability to trigger builds of jobs in a specified repository.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-45385
Affected Vendors
Jenkins
Affected Products
Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.