CVE-2022-25210 — Improper Synchronization in Project Jenkins Convertigo Mobile Platform Plugin

CWE-662 — Improper Synchronization CWE-820 — Missing Synchronization5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Convertigo Mobile Platform Plugin Jenkins Convertigo Mobile Platform

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_convertigo_mobile_platform_pluginunspecified — 1.1

▶NVDjenkins/convertigo_mobile_platform1.1

Patches

Patch: www.jenkins.io ↗Patch: www.jenkins.io ↗

🔴Vulnerability Details

GHSA

Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin↗2022-02-16

▶

OSV

Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin↗2022-02-16

▶

CVEList

CVE-2022-25210: Jenkins Convertigo Mobile Platform Plugin 1↗2022-02-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-02-15↗2022-02-15

▶