PT-2022-6107 · Jenkins · Jenkins Extreme-Feedback Plugin

Published: 2022-09-21 · Updated: 2025-05-28 · CVE-2022-41242

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins extreme-feedback Plugin versions 1.7 and earlier

Description

The Jenkins extreme-feedback Plugin is missing a permission check. Attackers with Overall/Read permission can discover the names of jobs attached to lamps, discover the MAC and IP addresses of existing lamps, and rename lamps. Exploitation can impact the confidentiality and integrity of protected information.

Recommendations

For Jenkins extreme-feedback Plugin versions 1.7 and earlier, as a temporary workaround, consider restricting access to the plugin's HTTP endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2023-00047
CVE-2022-41242
GHSA-MRF6-4GW6-65V3

Affected Products

Jenkins
Jenkins Extreme-Feedback Plugin