CVE-2022-43413
Published 2022-10-19
Medium, 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected
34 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_total_test_plugin | — | — |
| jenkins | bmc_ami_strobe_measurement_task_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | contrast_continuous_application_security_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | custom_checkbox_parameter_plugin | — | — |
| jenkins | cve-2022-43401_in_script_security_plugin | — | — |
| jenkins | declarative_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | fireline_plugin | — | — |
| jenkins | generic_webhook_trigger_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | groovy_libraries_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | job_import | < 3.6 | 3.6 |
| jenkins | job_import_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | katalon_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | nunit_plugin | — | — |
| jenkins | repo_plugin | — | — |
| jenkins | s3_explorer_plugin | — | — |