CVE-2022-41252

Description

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

Related CPE's

a jenkins cons3rt *****jenkins **

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2752

Vendor Advisory

[oss-security] 20220921 Multiple vulnerabilities in Jenkins and Jenkins plugins

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io