PT-2022-22042 · Jenkins · Jenkins
Author: Yaroslav Afenkin
Published: 2022-06-22
Updated: 2024-03-06
CVE-2022-34175
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.335 through 2.355
Description
In the affected versions, an attacker can in some cases bypass a protection mechanism by requesting view fragments directly, reaching sensitive information in those fragments without passing the permission checks enforced by the corresponding view. The cause is that the protection introduced for a previous security issue is disabled for some views in these versions. The Jenkins security team is not aware of any vulnerable view fragment in the Jenkins plugin ecosystem.
Recommendations
For versions 2.335 through 2.355, update to version 2.356 or later, which restores the protection for the affected views. As a temporary workaround until the update can be applied, consider restricting access to sensitive view fragments.
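The affected range above is a weekly-release range (2.335 through 2.355, fixed in 2.356). The following triage helper is an added example and not code from this advisory or from the Jenkins project: it parses Jenkins version strings (for instance as reported in the `X-Jenkins` response header or collected from an inventory) and classifies each host against this record. Because the record lists only two-component weekly versions, any three-component version string (an LTS line such as a hypothetical `2.346.1`) is reported as `unknown` rather than guessed, so a practitioner knows to consult the vendor advisory for LTS status. The hostnames and versions in the inventory are constructed sample data.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected weekly range and fix version taken from this advisory record (CVE-2022-34175).
AFFECTED_MIN = (2, 335)
AFFECTED_MAX = (2, 355)
FIXED_VERSION = (2, 356)

# Accepts "major.minor" (weekly) or "major.minor.patch" (LTS), with an optional
# trailing qualifier such as "-SNAPSHOT" that is ignored for comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_jenkins_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the numeric components of a Jenkins version string, or None if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def assess(version_text: str) -> str:
    """Classify one version against this record.

    Returns one of:
      "affected"     - weekly version inside 2.335..2.355 (inclusive)
      "fixed"        - weekly version 2.356 or later
      "not affected" - weekly version earlier than 2.335
      "unknown"      - unparseable, or an LTS-style version this record does not cover
    """
    version = parse_jenkins_version(version_text)
    if version is None:
        return "unknown"
    if len(version) == 3:
        # LTS line (three components): the record only lists the weekly range,
        # so do not guess; the operator must check the vendor advisory.
        return "unknown"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED_VERSION:
        return "fixed"
    return "not affected"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by assessment so the 'affected' and 'unknown' buckets can be actioned."""
    buckets: Dict[str, List[str]] = {"affected": [], "fixed": [], "not affected": [], "unknown": []}
    for host, version_text in inventory.items():
        buckets[assess(version_text)].append(host)
    for hosts in buckets.values():
        hosts.sort()
    return buckets


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "ci-build-01.example.internal": "2.340",
    "ci-build-02.example.internal": "2.355",
    "ci-build-03.example.internal": "2.356",
    "ci-legacy.example.internal": "2.334",
    "ci-lts.example.internal": "2.346.1",   # hypothetical LTS string, not covered by this record
    "ci-broken.example.internal": "n/a",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>12}: {', '.join(hosts) or '-'}")
```

Hosts in the `affected` bucket should be scheduled for the 2.356 update; hosts in `unknown` need a manual check against the vendor advisory before they are dismissed.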
Fix
Weakness type: Protection Mechanism Failure; Incorrect Authorization
Related Identifiers
Affected Products
Jenkins