CVE-2022-41255

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:cons3rt:*:*:*:*:*:jenkins:*:*

History

22 Sep 2022, 18:47

Type Values Removed Values Added
CPE cpe:2.3:a:jenkins:cons3rt:*:*:*:*:*:jenkins:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Jenkins
Jenkins cons3rt
References (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 - (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 - Mailing List
References (CONFIRM) https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759 - (CONFIRM) https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759 - Vendor Advisory

21 Sep 2022, 18:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/5 -

21 Sep 2022, 16:22

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-21 16:15

Updated : 2022-09-22 18:47


NVD link : CVE-2022-41255

Mitre link : CVE-2022-41255


JSON object : View

Products Affected

jenkins

  • cons3rt
CWE
CWE-256

Unprotected Storage of Credentials