CVE-2022-41252
https://notcve.org/view.php?id=CVE-2022-41252
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2022/09/21/5 https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2752 • CWE-862: Missing Authorization
CVE-2022-41251
https://notcve.org/view.php?id=CVE-2022-41251
A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2022/09/21/5 https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2710 • CWE-862: Missing Authorization
CVE-2022-41250
https://notcve.org/view.php?id=CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2022/09/21/5 https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2708 • CWE-862: Missing Authorization
CVE-2022-41249
https://notcve.org/view.php?id=CVE-2022-41249
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2022/09/21/5 https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2708 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-41248
https://notcve.org/view.php?id=CVE-2022-41248
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. • http://www.openwall.com/lists/oss-security/2022/09/21/5 https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243 • CWE-312: Cleartext Storage of Sensitive Information