CVE-2022-45379

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45379
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45379.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-45379
Aliases
Downstream
Published
2022-11-15T20:15:11Z
Modified
2025-09-19T14:15:46.706570Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

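Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. Because an approval is recorded only as that digest, a different script with the same SHA-1 digest as an already-approved script would be treated as approved.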

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/script-security-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1118.*

1118.vba21ca2e3286

1125.*

1125.v132f99385e1b_

1131.*

1131.v8b_b_5eda_c328e

1138.*

1138.v8e727069a_025

1140.*

1140.vf967fb_efa_55a_

1145.*

1145.vb_cf6cf6ed960

1146.*

1146.vdf547f19a_473

1158.*

1158.v7c1b_73a_69a_08

1172.*

1172.v35f6a_0b_8207e

1175.*

1175.v4b_d517d6db_f0

1183.*

1183.v774b_0b_0a_a_451

1184.*

1184.v85d16b_d851b_3

1189.*

1189.vb_a_b_7c8fd5fde

script-security-1.*

script-security-1.0
script-security-1.0-beta-1
script-security-1.0-beta-2
script-security-1.0-beta-3
script-security-1.0-beta-4
script-security-1.0-beta-5
script-security-1.0-beta-6
script-security-1.1
script-security-1.10
script-security-1.11
script-security-1.12
script-security-1.13
script-security-1.14
script-security-1.15
script-security-1.16
script-security-1.17
script-security-1.18
script-security-1.19
script-security-1.2
script-security-1.20
script-security-1.21
script-security-1.22
script-security-1.23
script-security-1.24
script-security-1.25
script-security-1.26
script-security-1.27
script-security-1.28
script-security-1.29
script-security-1.3
script-security-1.30
script-security-1.31
script-security-1.32
script-security-1.33
script-security-1.34
script-security-1.35
script-security-1.36
script-security-1.37
script-security-1.38
script-security-1.39
script-security-1.4
script-security-1.40
script-security-1.41
script-security-1.42
script-security-1.43
script-security-1.44
script-security-1.45
script-security-1.46
script-security-1.47
script-security-1.48
script-security-1.49
script-security-1.5
script-security-1.50
script-security-1.51
script-security-1.52
script-security-1.53
script-security-1.54
script-security-1.55
script-security-1.56
script-security-1.57
script-security-1.58
script-security-1.59
script-security-1.6
script-security-1.60
script-security-1.61
script-security-1.62
script-security-1.63
script-security-1.64
script-security-1.65
script-security-1.66
script-security-1.67
script-security-1.68
script-security-1.69
script-security-1.7
script-security-1.70
script-security-1.71
script-security-1.72
script-security-1.73
script-security-1.74
script-security-1.75
script-security-1.76
script-security-1.77
script-security-1.78
script-security-1.8
script-security-1.9

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "256635158877751585222234242789932746639",
                "length": 864.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-0511c6b4",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "using"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "88360061607774274383566484070154635910",
                "length": 518.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-1be5e10c",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "ScriptApproval"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227933098372412897739306163180656334288",
                    "78010536403153579235636793446250086172",
                    "26501721091862214056503614876223577046",
                    "82986120004088221711500160374884790230"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-2a45691d",
            "target": {
                "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/EntryApprovalTest.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "260085401826685322692113333199307986678",
                "length": 406.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-36502fb2",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "hash"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "25690599932531513004979134957108194650",
                "length": 178.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-3bf4e0ef",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "isClasspathEntryApproved"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "260361940484754868619678433507258199135",
                    "257941114198674707603723178448821633431",
                    "302714639256601764060657704737401592947",
                    "133678551450884653251810597180862903740",
                    "250764844445063602303409351233805403831",
                    "91663333422710068654394273477238715037",
                    "191748208561920422989774371192298392091",
                    "275248652921560366798963398647857769444",
                    "276145280740184397218791875597204229259",
                    "122554235846930862130993899569107370856",
                    "228865471316424095314216169803624302583",
                    "285425833308302712803803511405897052358",
                    "134819231213317057835333891718519505596",
                    "251634121320348940618294280846274012810",
                    "321517032513668797305806634274336692885",
                    "197394741408185798328770338938301470409",
                    "220016837184672429461532410184879538689"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-3d4b4266",
            "target": {
                "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/JcascTest.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "266175650221538550539642584560277956764",
                "length": 485.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-493c98aa",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "setApprovedScriptHashes"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "146689737580251949961240982503556572301",
                "length": 1356.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-9d81fddc",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "configuring"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "230238605794982947447331014876973611795",
                    "25028590040622040997100991315843283341",
                    "262106430283825024943675215215367828556",
                    "133510901058071798228620524829430028104",
                    "26058737929186858734426633308565690771",
                    "79191464648435272242286539832212257808",
                    "311776135142131477794372634550704962898",
                    "56439753932451147732174495314286515367",
                    "327552152418712628139200389454602262808",
                    "138908799648786777805821985091308618844",
                    "95763722256861244071414080398644685812",
                    "154518304219346855392849056469734401164",
                    "11706297286840274125833611591298522910",
                    "104503755721414176091970801893577584462",
                    "174356380926134217729881322940655520180",
                    "26761686207080954486807356286763446630",
                    "158789097117041637163343486610642267349",
                    "311767448653330256420484369350421219810",
                    "132730892857703106799538454623997041180",
                    "228402441253557861922840378069876228999",
                    "224148789511539955850566154942431914478",
                    "24115426343467067309730303433636037107",
                    "128987205705974076450088607280089850250",
                    "145758359013843892094323650264816439536",
                    "146568844518295903358171220962715526296",
                    "100189723878785440286888706617474346563",
                    "13612701684775307580855339555651709808",
                    "240829047116300486648755817216845020777",
                    "60204319424319403462102344172188409925",
                    "314544719548737105722429699138229760208",
                    "241327396224147184342021901392948368499",
                    "335852674422753087265164620957374358718",
                    "26335083925443849779621893096654678739",
                    "222388643095609097294153030655251506207",
                    "72256463038192090355705336773032036966",
                    "333787151556875598494232174093750351044",
                    "11796622162608854932778595896630151943",
                    "71642851961309616532336082267369534582",
                    "40360174527547759094632722800775133193",
                    "67993564479591006703254442391389884549",
                    "8040200327143163779191891742686612501",
                    "174217793581694441916715395144817924756",
                    "130425525895389190935122060103547002872",
                    "176463436353037185277978760478444024724",
                    "4946970387264401166879121739183814448",
                    "337814012389478864724653634159530308832",
                    "302132662367175435640806294400243506968",
                    "118202676946218195074588302645775757034",
                    "19780990504146033628613737630485713701",
                    "107920678542015959232393155191696656435",
                    "284606913881837033517978689441770992048",
                    "280204619180712041144188720365607353576",
                    "77094064914082747639125973703997581925",
                    "328953728569243587075024454860353401824",
                    "280189236361070988999615266135281436446",
                    "198864860680241816763531624595049145425",
                    "153983431420202133070855944620544254401",
                    "244833767520454356417727711729537923229",
                    "118059670372984259137393878444625793997",
                    "322645340631779704555899144295898607792",
                    "219778759649539317593645344556487929474",
                    "194612855295853464578886586585273427699",
                    "255436124204698346727047876118201352504",
                    "234666495329605038442319736720801856764",
                    "282694782750730509879972304879515215301",
                    "168760491080713495648437065310030605331",
                    "192850207882311432880500309698176401309",
                    "83672855130832385057896854909822386165",
                    "339443498740023133737058455408543505721",
                    "13477604704246182406179323803034418431",
                    "78795430653933475995619413202652668291",
                    "69930284464506175762900547182719217793",
                    "75665948159542068158994798345603187560",
                    "193845295023579838034624484587615452920",
                    "182655136500491783855672544381388379865",
                    "314426208330174106931059917798603367637",
                    "133380619457795446720893816143032191797",
                    "72568004430707422242404864691588545613",
                    "108267388975630392415343929405952157210",
                    "313029893569590897280069961386453474509",
                    "70540851705930207507879632092055814356",
                    "246869236777710175817747832134771451230",
                    "284794636557381164295170077294254654310",
                    "255558791829453380556623661864639622788",
                    "142045591035723194405713476960393010449",
                    "300629671568688072856732396665281354983",
                    "318780275197297560467554393097014762827",
                    "323520511476755397254834265488449728929",
                    "26610277536288162581987850347971771736",
                    "239470364804378576499571360588723766690",
                    "106305389928924297809668394332158092881",
                    "326171331865818788813917384471638141810",
                    "171069833624149326938441948059534759724",
                    "27595993875120972291914533642053649778",
                    "321600983831896987602832543806422040033",
                    "334278094073757907798464669414932369296",
                    "43681832387792339515329343437392990667",
                    "154650031971097101228078602739471147553",
                    "232645043072247376701159760108301242270",
                    "260355386789791424162143394825617420445",
                    "281553745372797835015077965348931014062",
                    "4532652347798649040976969747845198679",
                    "265680879920079013758910259828695406553",
                    "69644678121110803072357721140947305787",
                    "294430677239432775716535998651168222734",
                    "73343056750144174349708896857478455127",
                    "24519775393530128498517989264223496156",
                    "183541621178953177434351910652130498545",
                    "5459885054063219556802518350387127257",
                    "27949573853437626325011030699337809272",
                    "15823761006995189099506663227289855054",
                    "305439926072478556134694247193578946625",
                    "255849279968067542079453534464444847652",
                    "189767112738100178214368276193611407487",
                    "180032464335441666543080269571476839338",
                    "164515281978761699666027453851564258919",
                    "252285582562166630634296109184409560673",
                    "146096223296558397050919389344476334349",
                    "312093955210014257290828079688210914510",
                    "140635404047463825521418462807240593017",
                    "96159222927892200001117391527337510924",
                    "45137628309228649432615195057708034062",
                    "83293834302523927132408381097866382671",
                    "337346250630276694539790703757661083352",
                    "110682567151722265823151295610880543250",
                    "184819948907912803374610719041572171568",
                    "25810901204222702492987538087710597645",
                    "128222948199917750193655840617332943800",
                    "209265962667703328364331410055448956814",
                    "19826496574867726444565989313499411631",
                    "224767385093763293286605569533043380860",
                    "332736066277169812601268652056085861257",
                    "15128860481069825827788113300023759162",
                    "224564439553628526041010557752746349563",
                    "97704007064297803332530992563379378395",
                    "143629269154252266322766470398150692353",
                    "27781231757622490736938566156095691076",
                    "268821927287045249380764753570696239251",
                    "288435713833379841553916352044192046150",
                    "47198626178894151389781654885809975374",
                    "281951333145648200742073959145302920500",
                    "153855451295590849648444598523463687936",
                    "277819771944640976579759854050433060889",
                    "164862617534096848191652313688381386233",
                    "310879990802145633872661257092941439669",
                    "130124140794724058600587953383822469336",
                    "104415919087073469536245958584093174892",
                    "226022277292308142593134178411211224212",
                    "37437773657212635021909297890054926696",
                    "323574709463087537460116314244634675255",
                    "113169129463186877754173723213148439640",
                    "47813995540480821729930229075499230803",
                    "39738259065564756844789107236888956436",
                    "137247414319968390038906088328954359984",
                    "49765857873880911128265127426323298098",
                    "190489919506281692566786864116419567474",
                    "172610430134124101240311175429782704363",
                    "228749625788053675838545460552841124212",
                    "40208354072547096398974261739528771075",
                    "208652930302641923704019001346573256287",
                    "145478770635603037370600351677580664226",
                    "240678110393063701638019422991248310576"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-a8930813",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "72868226864665399202691268455065204431",
                "length": 515.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-b501a1d3",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "hashClasspathEntry"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "253371680203947640925278665584428968916",
                "length": 119.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-b576c1df",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "isScriptApproved"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "96633588711598299111071703681846902890",
                "length": 789.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-b8f516ad",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "configuring"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "44915992432643946629667570677569617985",
                "length": 163.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-c925d767",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "preapprove"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "78767049964118590900681436501069124651",
                "length": 62.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-ca77a782",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "getHash"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "45344397439606831352327269539930235055",
                "length": 350.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-e3138b95",
            "target": {
                "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/JcascTest.java",
                "function": "smokeTestEntry"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "54326643943990611982358434672404297070",
                "length": 223.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-e78406c7",
            "target": {
                "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/EntryApprovalTest.java",
                "function": "Entry"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "173286560121858652328572534068249329513",
                "length": 983.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-f3f8d2f7",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "checking"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "225045422999835045371486515074668540893",
                "length": 304.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/jenkinsci/script-security-plugin/commit/65867aa471265a16198b92fb439782ba3554da66",
            "id": "CVE-2022-45379-f78f43af",
            "target": {
                "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java",
                "function": "using"
            },
            "signature_version": "v1"
        }
    ]
}