{"id":"CVE-2022-36883","details":"A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.","aliases":["GHSA-v878-67xw-grw2"],"modified":"2026-04-10T04:49:45.647022Z","published":"2022-07-27T15:15:08.880Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/07/27/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-plugin","events":[{"introduced":"0"},{"last_affected":"7dd7758f2018f5fa1d6f9fd5d2b897551b1f3186"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.11.3"}]}}],"versions":["git-0.9","git-0.9.1","git-0.9.2","git-1.0","git-1.0.1","git-1.1","git-1.1.1","git-1.1.10","git-1.1.11","git-1.1.12","git-1.1.13","git-1.1.14","git-1.1.15","git-1.1.16","git-1.1.17","git-1.1.18","git-1.1.19","git-1.1.2","git-1.1.20","git-1.1.21","git-1.1.22","git-1.1.23","git-1.1.24","git-1.1.25","git-1.1.26","git-1.1.27","git-1.1.28","git-1.1.29","git-1.1.3","git-1.1.4","git-1.1.5","git-1.1.6","git-1.1.7","git-1.1.8","git-1.1.9","git-1.2.0","git-1.3.0","git-1.4.0","git-1.5.0","git-1.6.0-beta-1","git-2.0","git-2.0-beta-2","git-2.0-beta-3","git-2.0.2","git-2.0.3","git-2.0.4","git-2.1.0","git-2.2.0","git-2.2.1","git-2.3","git-2.3-beta-1","git-2.3-beta-2","git-2.3-beta-3","git-2.3-beta-4","git-2.3.1","git-2.3.2","git-2.3.3","git-2.3.4","git-2.3.5","git-2.4.0","git-2.5.0-beta2","git-2.5.0-beta3","git-2.5.0-beta4","git-2.5.0-beta5","git-3.0.0","git-3.0.0-beta2","git-3.0.1","git-3.0.2","git-3.0.2-beta-1","git-3.0.2-beta-2","git-3.0.3","git-3.0.4","git-3.0.5","git-3.1.0","git-3.2.0","git-3.3.0","git-3.3.1","git-3.4.0","git-3.4.0-beta-1","git-3.4.0-beta-2","git-3.4.1","git-3.5.0","git-3.5.1","git-3.6.0","git-3.6.1","git-3.6.2","git-3.6.3","git-3.6.4","git-3.7.0","git-3.8.0","git-3.9.0","git-4.0.0","git-4.0.0-beta1","git-4.0.0-beta10","git-4.0.0-beta11","git-4.0.0-beta12","git-4.0.0-beta2","git-4.0.0-beta3","git-4.0.0-beta7","git-4.0.0-beta8","git-4.0.0-beta9","git-4.0.0-rc","git-4.1.0","git-4.1.0-beta","git-4.1.1","git-4.10.0","git-4.10.1","git-4.10.2","git-4.10.3","git-4.11.0","git-4.11.1","git-4.11.3","git-4.2.0","git-4.2.2","git-4.3.0","git-4.4.0","git-4.4.1","git-4.4.2","git-4.4.3","git-4.4.4","git-4.4.5","git-4.5.0","git-4.5.1","git-4.5.2","git-4.6.0","git-4.7.0","git-4.7.1","git-4.7.2","git-4.8.0","git-4.8.1","git-4.8.2","git-4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36883.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}