CVE-2022-41255
First published: Wed Sep 21 2022(Updated: )
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Cons3rt | <=1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-41255?
CVE-2022-41255 has been rated as a Medium severity vulnerability.
How do I fix CVE-2022-41255?
To fix CVE-2022-41255, upgrade the Jenkins CONS3RT Plugin to version 1.0.1 or later.
What does CVE-2022-41255 affect?
CVE-2022-41255 affects Jenkins CONS3RT Plugin versions 1.0.0 and earlier.
What type of vulnerability is CVE-2022-41255?
CVE-2022-41255 is a security vulnerability that involves unencrypted storage of sensitive API tokens.
Can users access the vulnerable API tokens in CVE-2022-41255?
Yes, users with access to the Jenkins controller file system can view the unencrypted API tokens affected by CVE-2022-41255.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/jenkins
- canonical/jenkins cons3rt
- version/jenkins cons3rt/1.0.0