PT-2022-4009 · Jenkins · Jenkins Lucene-Search Plugin

Jeff Thompson · Published 2022-07-27 · Updated 2023-11-22 · CVE-2022-36910

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins Lucene-Search Plugin versions 370.v62a5f618cd3a and earlier

Description

The Jenkins Lucene-Search Plugin does not perform permission checks in several of its HTTP endpoints. Because the endpoints are reachable by any user holding Overall/Read, such an attacker can trigger a reindex of the search database and query it to obtain information about jobs (for example their names) that the same user would not be allowed to view through the normal Jenkins UI or API. The root cause is missing authorization on the endpoints themselves: the plugin builds its index with more privilege than the caller has and does not re-check the caller's Item/Read permission before returning results.

Recommendations

No fixed version is listed for Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier. Until a fix is available, disable access to the plugin's HTTP endpoints (or disable the plugin itself) and restrict Overall/Read to trusted users. Note that Overall/Read is commonly granted to every authenticated user, and in some authorization configurations to anonymous users as well, so limiting that permission alone is a weak mitigation compared with removing the plugin from an exposed controller.
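The weakness class described above, shown as an added illustration written for this page: it is not the Lucene-Search Plugin's code, and the action name, URL names and the in-memory "index" are hypothetical. The Jenkins core and Stapler APIs used (checkPermission, @RequirePOST, ACL.as2, getItemByFullName, Item.READ) are the real ones a plugin author would reach for. The two "unchecked" methods reproduce the pattern the advisory describes; the two methods below them show the corrected form.

```java
// Added example for this advisory page, not the plugin's own source.
// Hypothetical names: ExampleSearchAction, /example-search/{reindex,search}.
package example;

import hudson.Extension;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.RootAction;
import hudson.security.ACL;
import hudson.security.ACLContext;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

@Extension
public class ExampleSearchAction implements RootAction {

    /** Job full name -> text indexed for it. Built as SYSTEM, so it contains every job. */
    private final Map<String, String> index = new ConcurrentHashMap<>();

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "example-search"; }

    /* ---- BEFORE: the pattern this advisory describes -------------------------- */

    // Stapler exposes any public doXxx(...) method as /example-search/xxx.
    // There is no checkPermission call, so Overall/Read (needed only to reach
    // the URL) is enough to trigger a full reindex on a GET.
    public void doReindexUnchecked(StaplerRequest req, StaplerResponse rsp) {
        rebuildIndex();
    }

    // Returns every matching entry, including jobs the caller cannot browse to,
    // because the index was populated with SYSTEM privileges.
    public void doSearchUnchecked(StaplerRequest req, StaplerResponse rsp,
                                  @QueryParameter String q) throws IOException {
        for (Map.Entry<String, String> e : index.entrySet()) {
            if (e.getValue().contains(q)) rsp.getWriter().println(e.getKey());
        }
    }

    /* ---- AFTER: explicit authorization on every endpoint ---------------------- */

    @RequirePOST // state change only via POST, which also requires a CSRF crumb
    public void doReindex(StaplerRequest req, StaplerResponse rsp) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // AccessDeniedException -> 403
        rebuildIndex();
    }

    public void doSearch(StaplerRequest req, StaplerResponse rsp,
                         @QueryParameter String q) throws IOException {
        Jenkins.get().checkPermission(Jenkins.READ);
        for (Map.Entry<String, String> e : index.entrySet()) {
            if (!e.getValue().contains(q)) continue;
            // Re-resolve the hit as the *calling* user and require Item/Read
            // before revealing that the job exists.
            Job<?, ?> job = Jenkins.get().getItemByFullName(e.getKey(), Job.class);
            if (job != null && job.hasPermission(Item.READ)) {
                rsp.getWriter().println(e.getKey());
            }
        }
    }

    /** Index all jobs regardless of who triggered the rebuild; the endpoints above decide who may call it. */
    private void rebuildIndex() {
        try (ACLContext ignored = ACL.as2(ACL.SYSTEM2)) {
            Map<String, String> fresh = new ConcurrentHashMap<>();
            for (Job<?, ?> job : Jenkins.get().getAllItems(Job.class)) {
                String desc = job.getDescription() == null ? "" : job.getDescription();
                fresh.put(job.getFullName(), job.getDisplayName() + " " + desc);
            }
            index.clear();
            index.putAll(fresh);
        }
    }
}
```

The two halves of the fix matter independently: the reindex endpoint needs a permission check because it is an expensive, state-changing operation, while the search endpoint needs per-result filtering because an index built as SYSTEM necessarily knows about jobs the caller may not read. Checking Overall/Read alone on the search endpoint would still leak job names to every authenticated user.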

Fix

No fixed version listed.

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2022-04842
CVE-2022-36910
GHSA-M8W5-VWQ3-GP8F

Affected Products

Jenkins
Jenkins Lucene-Search Plugin