Lucene search

K
cve[email protected]CVE-2022-41246
HistorySep 21, 2022 - 4:15 p.m.

CVE-2022-41246

2022-09-2116:15:11
CWE-862
web.nvd.nist.gov
35
4
cve-2022-41246
jenkins
worksoft execution manager plugin
permission check
security
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.8%

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

NVD
Node
jenkinsworksoft_execution_managerRange10.0.3.503jenkins

CNA Affected

[
  {
    "product": "Jenkins Worksoft Execution Manager Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "10.0.3.503",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 10.0.3.503",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.8%