CVE-2022-41248
First published: Wed Sep 21 2022(Updated: )
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Bigpanda Notifier | <=1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Jenkins BigPanda Notifier Plugin vulnerability?
The vulnerability ID for this Jenkins BigPanda Notifier Plugin vulnerability is CVE-2022-41248.
What is the title of this Jenkins BigPanda Notifier Plugin vulnerability?
The title of this Jenkins BigPanda Notifier Plugin vulnerability is 'Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form'.
What is the severity of CVE-2022-41248?
The severity of CVE-2022-41248 is medium with a CVSSv3 score of 5.3.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Jenkins BigPanda Notifier Plugin version up to and including 1.4.0.
How can attackers exploit this vulnerability?
Attackers can observe and capture the BigPanda API key on the global configuration form.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins bigpanda notifier
- version/jenkins bigpanda notifier/1.4.0