{"id":"CVE-2022-34175","details":"Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.","aliases":["BIT-jenkins-2022-34175","GHSA-p3rc-946h-8cf5"],"modified":"2026-05-18T05:53:55.558528078Z","published":"2022-06-23T17:15:15.563Z","database_specific":{},"references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jenkins","events":[{"introduced":"cdb52fdcf6a2a30ae73bc33a2cfd477728e4b44c"},{"last_affected":"d43d0b51dd18bca980f7d384ec4a353a2a66b818"}],"database_specific":{"extracted_events":[{"introduced":"2.335"},{"last_affected":"2.355"}],"cpe":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["jenkins-2.355","jenkins-2.354","jenkins-2.353","jenkins-2.352","jenkins-2.351","jenkins-2.350","jenkins-2.349","jenkins-2.348","jenkins-2.347","jenkins-2.346","jenkins-2.345","jenkins-2.344","jenkins-2.343","jenkins-2.342","jenkins-2.341","jenkins-2.340","jenkins-2.339","jenkins-2.338","jenkins-2.337","jenkins-2.336","jenkins-2.335"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34175.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}