CVE-2022-41255

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins CONS3RT Plugin versions 1.0.0 and earlier

Description The issue allows users with access to the Jenkins controller file system to view the Cons3rt API token, which is stored unencrypted in job config.xml files on the Jenkins controller. This token is part of the plugin's configuration.

Recommendations For Jenkins CONS3RT Plugin versions 1.0.0 and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of the Cons3rt API token being viewed by unauthorized users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-256

Related Identifiers

CVE-2022-41255

GHSA-FMQ9-R4P2-8272

Affected Products

Jenkins

Jenkins Cons3Rt Plugin

CVE-2022-41255

Weakness Enumeration

Related Identifiers

Affected Products

References · 7