CVE-2022-25210

Name of the Vulnerable Software and Affected Versions Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier

Description The issue allows attackers with Item/Configure permission to capture passwords of jobs that will be configured, due to the use of static fields to store job configuration information.

Recommendations For Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier, consider restricting access to the Item/Configure permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.