CVE-2022-43426

🗓️ 19 Oct 2022 00:00:00Reported by jenkinsType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 72 Views

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-43426	19 Oct 202220:15	–	circl
CNNVD	Jenkins S3 Explorer Plugin 安全漏洞	19 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-43426	19 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-7127	3 Oct 202520:07	–	euvd
Github Security Blog	AWS secrets displayed without masking by Jenkins S3 Explorer Plugin	19 Oct 202219:00	–	github
Tenable Nessus	Jenkins plugins Multiple Vulnerabilities (2022-10-19)	3 Mar 202300:00	–	nessus
NVD	CVE-2022-43426	19 Oct 202216:15	–	nvd
OSV	GHSA-MF4P-WJRM-CMJP AWS secrets displayed without masking by Jenkins S3 Explorer Plugin	19 Oct 202219:00	–	osv
Prion	Design/Logic Flaw	19 Oct 202216:15	–	prion
Positive Technologies	PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1	19 Oct 202200:00	–	ptsecurity

NVD

Node

jenkins s3_explorerRange≤1.0.8jenkins

[
  {
    "product": "Jenkins S3 Explorer Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.0.8",
        "versionType": "custom"
      }
    ]
  }
]