CVE-2022-41248

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:bigpanda_notifier:*:*:*:*:*:jenkins:*:*

History

22 Sep 2022, 18:36

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 - (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 - Mailing List, Third Party Advisory
References (CONFIRM) https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243 - (CONFIRM) https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
First Time Jenkins
Jenkins bigpanda Notifier
CPE cpe:2.3:a:jenkins:bigpanda_notifier:*:*:*:*:*:jenkins:*:*

21 Sep 2022, 18:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 -

21 Sep 2022, 16:22

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-21 16:15

Updated : 2022-09-22 18:36


NVD link : CVE-2022-41248

Mitre link : CVE-2022-41248


JSON object : View

Products Affected

jenkins

  • bigpanda_notifier
CWE
CWE-549

Missing Password Field Masking