CVE-2022-34810

CWE-862Missing Authorization5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins RQM PluginJenkins RQM
Timeline
PublishedJun 30
Latest updateJul 1

Description

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_rqm_pluginunspecified2.8
NVDjenkins/rqm2.8

🔴Vulnerability Details

3
OSV
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check2022-07-01
GHSA
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check2022-07-01
CVEList
CVE-2022-34810: A missing check in Jenkins RQM Plugin 22022-06-30

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-06-302022-06-30
CVE-2022-34810 (MEDIUM CVSS 6.5) | A missing check in Jenkins RQM Plug | cvebase.io