{"id":"CVE-2022-45383","details":"An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.","aliases":["GHSA-w2j3-pq63-339w"],"modified":"2026-04-12T03:22:23.071465Z","published":"2022-11-15T20:15:11.730Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/11/15/4"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/support-core-plugin","events":[{"introduced":"0"},{"fixed":"9b7a1d48db0fdfb840ca3393e9462e687e69385b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1206.1208.v9b_7a_1d48db_0f"}]}}],"versions":["1124.vb_16439f088b_4","1130.vb_eef6015fc37","1140.vb_b_3b_7d866b_a_8","1148.vedff8cb_56a_da_","1158.v9189f64fec8c","1162.vb_b_e5198c6b_22","1172.va_1fcf85806d0","1174.vc46f6b_04d894","1195.v20a_701e8897e","1201.v8d1f54a_6ec7c","1204.v7ee88742a_53f","1206.v14049fa_b_d860","support-core-1.0","support-core-1.1","support-core-1.2","support-core-1.3","support-core-1.4","support-core-1.5","support-core-1.6","support-core-1.7","support-core-1.8","support-core-2.0","support-core-2.1","support-core-2.10","support-core-2.11","support-core-2.12","support-core-2.13","support-core-2.14","support-core-2.15","support-core-2.16","support-core-2.17","support-core-2.18","support-core-2.19","support-core-2.2","support-core-2.20","support-core-2.21","support-core-2.22","support-core-2.23","support-core-2.24","support-core-2.25","support-core-2.27","support-core-2.28","support-core-2.29","support-core-2.3","support-core-2.30","support-core-2.31","support-core-2.32","support-core-2.33","support-core-2.34","support-core-2.35","support-core-2.36","support-core-2.37","support-core-2.38","support-core-2.39","support-core-2.4","support-core-2.40","support-core-2.41","support-core-2.42","support-core-2.43","support-core-2.44","support-core-2.45","support-core-2.45.1","support-core-2.46","support-core-2.47","support-core-2.48","support-core-2.49","support-core-2.5","support-core-2.50","support-core-2.51","support-core-2.52","support-core-2.53","support-core-2.54","support-core-2.55","support-core-2.56","support-core-2.57","support-core-2.58","support-core-2.59","support-core-2.6","support-core-2.60","support-core-2.61","support-core-2.62","support-core-2.63","support-core-2.63-alpha","support-core-2.64","support-core-2.65","support-core-2.66","support-core-2.67","support-core-2.68","support-core-2.69","support-core-2.7","support-core-2.70","support-core-2.71","support-core-2.72","support-core-2.73","support-core-2.74","support-core-2.75","support-core-2.76","support-core-2.77","support-core-2.78","support-core-2.79","support-core-2.8","support-core-2.80","support-core-2.81","support-core-2.9"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["104483073693456177066109938925216498686","336836711370268126306402232405132760659","165260758011893146382937562548366217394","66060796664023225318753605878902030302"]},"target":{"file":"src/test/java/com/cloudbees/jenkins/support/SupportActionTest.java"},"signature_version":"v1","id":"CVE-2022-45383-01bd6aad","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Function","deprecated":false,"digest":{"length":90,"function_hash":"177699259719854405812483175144198246928"},"target":{"function":"getTarget","file":"src/main/java/com/cloudbees/jenkins/support/SupportAction.java"},"signature_version":"v1","id":"CVE-2022-45383-33739a03","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["9232348173681057872725717984153627024","164118384775383547898354033579143559453","190848995085566345735773691203324044790"]},"target":{"file":"src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java"},"signature_version":"v1","id":"CVE-2022-45383-643755cb","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["184031825937425159391630163286571495691","324600363158614502089472989892742878990","191662285163417766952729967410772750010","68415309627846802530404581906853150673","299655602491076560228113005566579345218","164171145959959844856738004836372485999","73061823490578169499954395521777029238","114043650130897100845543965078375518301"]},"target":{"file":"src/main/java/com/cloudbees/jenkins/support/SupportAction.java"},"signature_version":"v1","id":"CVE-2022-45383-6cd38f52","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Function","deprecated":false,"digest":{"length":1251,"function_hash":"55768873027299202138265451140490654260"},"target":{"function":"run","file":"src/main/java/com/cloudbees/jenkins/support/SupportCommand.java"},"signature_version":"v1","id":"CVE-2022-45383-d94ca34a","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["322763129365600462149425820068939403417","199483780730559384191687664305145609919","241595549676398038470650981867232877464","190372426663965885845525159661454337821"]},"target":{"file":"src/main/java/com/cloudbees/jenkins/support/SupportCommand.java"},"signature_version":"v1","id":"CVE-2022-45383-e04915ae","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"},{"signature_type":"Function","deprecated":false,"digest":{"length":428,"function_hash":"139705978724134781656125372194212312764"},"target":{"function":"deleteExistingBundleWithoutPermissionWillFail","file":"src/test/java/com/cloudbees/jenkins/support/SupportActionTest.java"},"signature_version":"v1","id":"CVE-2022-45383-e2433e7e","source":"https://github.com/jenkinsci/support-core-plugin/commit/9b7a1d48db0fdfb840ca3393e9462e687e69385b"}],"vanir_signatures_modified":"2026-04-12T03:22:23Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}