CVE-2022-41252

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 39.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Cons3rt Plugin Jenkins Cons3rt

Timeline

PublishedSep 21

Latest updateSep 22

Description

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:cons3rt1.0.0

▶CVEListV5jenkins_project/jenkins_cons3rt_pluginunspecified — 1.0.0

▶NVDjenkins/cons3rt1.0.0

🔴Vulnerability Details

GHSA

Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs↗2022-09-22

▶

OSV

Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs↗2022-09-22

▶

CVEList

CVE-2022-41252: Missing permission checks in Jenkins CONS3RT Plugin 1↗2022-09-21

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-09-21↗2022-09-21

▶