CVE-2022-41242

🗓️ 21 Sep 2022 15:46:01Reported by jenkinsType

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers to discover information about job names attached to lamps, MAC and IP addresses of existing lamps, and rename lamps

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the Jenkins extreme-feedback plugin lies in the lack of permission checking in the connected module, which allows attackers to compromise the confidentiality and integrity of the protected information.	10 Jan 202300:00	–	bdu_fstec
CNNVD	Jenkins extreme-feedback Plugin 安全漏洞	21 Sep 202200:00	–	cnnvd
CVE	CVE-2022-41242	21 Sep 202215:46	–	cve
EUVD	EUVD-2022-6879	3 Oct 202520:07	–	euvd
Github Security Blog	Jenkins extreme-feedback Plugin vulnerable to Missing Authorization	22 Sep 202200:00	–	github
Tenable Nessus	Jenkins weekly < 2.370 Multiple Vulnerabilities	7 Oct 202200:00	–	nessus
Tenable Nessus	Jenkins plugins Multiple Vulnerabilities (2022-09-21)	7 Oct 202200:00	–	nessus
NVD	CVE-2022-41242	21 Sep 202216:15	–	nvd
OSV	CVE-2022-41242	21 Sep 202216:15	–	osv
OSV	GHSA-MRF6-4GW6-65V3 Jenkins extreme-feedback Plugin vulnerable to Missing Authorization	22 Sep 202200:00	–	osv

[
  {
    "product": "Jenkins extreme-feedback Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.7",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jenkins	www.jenkins.io/security/advisory/2022-09-21/

24 Oct 2023 14:25Current

5.9Medium risk

Vulners AI Score5.9

EPSS0.00396