Login Sign Up

CVE-2022-30947

7.5 HIGH

📋 TL;DR

The Jenkins Git Plugin vulnerability allows attackers with pipeline configuration permissions to access limited information from other projects' SCM repositories stored on the Jenkins controller's file system. This occurs when attackers can configure pipelines to check out SCM repositories using local file paths as SCM URLs. Affected users are those running Jenkins with the Git Plugin where pipeline configuration is accessible to untrusted users.

💻 Affected Systems

Products:
  • Jenkins Git Plugin
Versions: 4.11.1 and earlier
Operating Systems: All operating systems running Jenkins
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have pipeline configuration permissions. Jenkins installations using the Git Plugin with local SCM repository paths are vulnerable.

📦 What is this software?

Git by Jenkins

View all CVEs affecting Git →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive source code, configuration files, or credentials stored in other projects' SCM repositories, potentially leading to intellectual property theft or further system compromise.

🟠

Likely Case

Limited information disclosure from other projects' SCM contents, potentially exposing source code or configuration details that could aid in further attacks.

🟢

If Mitigated

With proper access controls and pipeline configuration restrictions, the impact is minimal as only authorized users can configure pipelines.

🌐 Internet-Facing: MEDIUM - If Jenkins is internet-facing and pipeline configuration is accessible to external users, the risk increases significantly.
🏢 Internal Only: MEDIUM - Internal attackers with pipeline configuration access could exploit this to access other projects' SCM contents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires pipeline configuration access. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Git Plugin 4.11.2 or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478

Restart Required: Yes

Instructions:

1. Update Jenkins Git Plugin to version 4.11.2 or later via Jenkins Plugin Manager. 2. Restart Jenkins to apply the update. 3. Verify the plugin version is updated.

🔧 Temporary Workarounds

Restrict Pipeline Configuration Access

all

Limit who can configure pipelines to trusted users only using Jenkins' Role-Based Access Control (RBAC).

Disable Local SCM Paths

all

Configure Jenkins to prevent use of local file paths as SCM URLs in pipeline configurations.

🧯 If You Can't Patch

  • Implement strict access controls to limit pipeline configuration to trusted administrators only.
  • Monitor pipeline configuration changes and audit SCM repository access patterns for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check Jenkins Git Plugin version via Jenkins Plugin Manager or by examining the plugin's MANIFEST.MF file. If version is 4.11.1 or earlier, the system is vulnerable.

Check Version:

Check Jenkins web interface: Manage Jenkins > Plugin Manager > Installed plugins, or check file: $JENKINS_HOME/plugins/git/META-INF/MANIFEST.MF

Verify Fix Applied:

Verify Git Plugin version is 4.11.2 or later in Jenkins Plugin Manager. Test that local SCM paths cannot be used to access unauthorized repositories.

📡 Detection & Monitoring

Log Indicators:

  • Unusual pipeline configuration changes
  • SCM checkout operations using local file paths
  • Access to SCM repositories outside normal project scope

Network Indicators:

  • N/A - This is a local file system access vulnerability

SIEM Query:

Search Jenkins logs for: 'SCM checkout' AND 'file://' OR 'local path' patterns in pipeline configurations

📊 Metadata

CVE ID: CVE-2022-30947
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: May 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON