CVE-2022-45379

Description

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

Affected products

• Jenkins Project / Jenkins Script Security Pluginunspecified – 1189.vb_a_b_7c8fd5fde
• Jenkins Project / Jenkins Script Security Plugin1175.1179.vea_f7532629e1 – 1175.1179.vea_f7532629e1

References

• MISChttps://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/11/15/4