CVE-2022-41255
Description
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.349
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-41253,CVE-2022-41252,CVE-2022-41254,CVE-2022-41255 are affected in Jenkins - cons3rt 1.0.0 | Windows |
| Vulnerabilities CVE-2022-41253,CVE-2022-41252,CVE-2022-41254,CVE-2022-41255 are affected in Jenkins - cons3rt for Linux 1.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234