PT-2022-27481 · Jenkins · Jenkins Script Security Plugin

Daniel Beck · Published 2022-11-15 · Updated 2023-11-22 · CVE-2022-45379

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Jenkins Script Security Plugin versions 1189.vb_a_b_7c8fd5fde and earlier

Description

The issue arises from the storage of whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the requirements for a cryptographically secure message digest, so approvals keyed on it are exposed to collision attacks: a different script producing the same SHA-1 digest would be treated as already approved. Administrators can revoke all previous script approvals on the In-Process Script Approval page to remove any SHA-1 based approvals.

Recommendations

For versions 1189.vb_a_b_7c8fd5fde and earlier, consider revoking all previous script approvals on the In-Process Script Approval page to minimize the risk of exploitation. Update to version 1190.v65867a_a_47126 or later, which uses SHA-512 for new whole-script approvals and replaces existing SHA-1 based approvals with SHA-512 entries when the corresponding scripts are next used.
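The behaviour the fix describes (new approvals recorded as SHA-512, legacy SHA-1 entries replaced the next time the approved script is used, and a way to revoke everything) can be modelled in a few lines. The following is an added illustration written for this page, not code from the Script Security Plugin; the `ScriptApprovalStore` class, its method names and the sample scripts are all constructed assumptions, and the plugin's real on-disk format is not claimed here.

```python
import hashlib

# Constructed sample scripts for the demonstration (not from the advisory).
LEGACY_APPROVED_SCRIPT = "println('build ok')"
NEW_SCRIPT = "println('deploy')"


def sha1_hex(script: str) -> str:
    """Legacy approval key: SHA-1 of the whole script text."""
    return hashlib.sha1(script.encode("utf-8")).hexdigest()


def sha512_hex(script: str) -> str:
    """Current approval key: SHA-512 of the whole script text."""
    return hashlib.sha512(script.encode("utf-8")).hexdigest()


class ScriptApprovalStore:
    """Hypothetical model of a whole-script approval list.

    Legacy entries are bare SHA-1 digests; current entries are SHA-512
    digests. This mirrors the migration described in the advisory, not the
    plugin's actual storage format.
    """

    def __init__(self, legacy_sha1_hashes=()):
        self.legacy_sha1 = set(legacy_sha1_hashes)  # approvals from old versions
        self.sha512 = set()                          # approvals recorded by the fix

    def approve(self, script: str) -> None:
        """An administrator approves a script: only SHA-512 is recorded."""
        self.sha512.add(sha512_hex(script))

    def is_approved(self, script: str) -> bool:
        """Check a script; migrate a matching legacy entry to SHA-512 on use."""
        if sha512_hex(script) in self.sha512:
            return True
        h1 = sha1_hex(script)
        if h1 in self.legacy_sha1:
            # The script has been used again, so re-record it under SHA-512 and
            # drop the SHA-1 entry. After this, a different script with the same
            # SHA-1 digest can no longer ride on the old approval.
            self.legacy_sha1.discard(h1)
            self.sha512.add(sha512_hex(script))
            return True
        return False

    def revoke_all(self) -> None:
        """Equivalent of revoking every approval on the approval page."""
        self.legacy_sha1.clear()
        self.sha512.clear()

    def legacy_count(self) -> int:
        """Number of SHA-1 based approvals still present (the residual exposure)."""
        return len(self.legacy_sha1)


def demo():
    """Walk through the migration on a store seeded with one legacy approval."""
    store = ScriptApprovalStore([sha1_hex(LEGACY_APPROVED_SCRIPT)])
    before = store.legacy_count()                       # 1 legacy entry
    first = store.is_approved(LEGACY_APPROVED_SCRIPT)   # accepted and migrated
    after = store.legacy_count()                        # 0 legacy entries left
    again = store.is_approved(LEGACY_APPROVED_SCRIPT)   # accepted via SHA-512
    other = store.is_approved(NEW_SCRIPT)               # never approved
    return before, first, after, again, other


if __name__ == "__main__":
    print(demo())
```

`legacy_count()` is the number an administrator cares about after upgrading: until every approved script has been run once (or the approvals have been revoked), that many entries are still keyed on SHA-1.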

Fix

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

CVE-2022-45379
GHSA-FV42-MX39-6FPW
RHSA-2023:0560
RHSA-2023:0777

Affected Products

Jenkins
Jenkins Script Security Plugin