CVE-2022-41247
First published: Wed Sep 21 2022(Updated: )
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Bigpanda Notifier | <=1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of Jenkins BigPanda Notifier Plugin?
The vulnerability ID of Jenkins BigPanda Notifier Plugin is CVE-2022-41247.
What is the severity of CVE-2022-41247?
The severity of CVE-2022-41247 is medium, with a CVSS score of 4.3.
What is affected by CVE-2022-41247?
Jenkins BigPanda Notifier Plugin version 1.4.0 and earlier are affected by CVE-2022-41247.
How does CVE-2022-41247 impact Jenkins?
CVE-2022-41247 allows users with access to the Jenkins controller file system to view the unencrypted BigPanda API key stored in the global configuration file.
Is there a fix available for CVE-2022-41247?
Yes, the fix for CVE-2022-41247 is to upgrade Jenkins BigPanda Notifier Plugin to a version later than 1.4.0.
- collector/nvd-index
- collector/nvd-api
- vendor/jenkins
- canonical/jenkins bigpanda notifier
- version/jenkins bigpanda notifier/1.4.0