{
  "threat_severity" : "Important",
  "public_date" : "2022-05-17T00:00:00Z",
  "bugzilla" : {
    "description" : "plugin: Mercurial SCM plugin can check out from the controller file system",
    "id" : "2119644",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2119644"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-435",
  "details" : [ "Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.", "A flaw was found in the Jenkins Mercurial Plugin. Affected versions of the plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system by using local paths as SCM URLs. This lets them obtain limited information about other projects' SCM contents." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.8",
    "release_date" : "2023-01-12T00:00:00Z",
    "advisory" : "RHSA-2023:0017",
    "cpe" : "cpe:/a:redhat:openshift:4.8::el8",
    "package" : "jenkins-2-plugins-0:4.8.1672842762-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Will not fix",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-30948\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30948\nhttps://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478" ],
  "name" : "CVE-2022-30948",
  "csaw" : false
}