CVE-2022-41247

Medium

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins…

jenkins·CWE-522·Published 2022-09-21

CVSS

4.3

EPSS

0.00

KEV

Exploits

cve.orgen

234 chars

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

NVDen

234 chars

OSV.deven

424 chars

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file `BigpandaGlobalNotifier.xml` on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionally, the global configuration form does not mask the API key, increasing the potential for attackers to observe and capture it.

GHSAen

424 chars

NVDes

289 chars

Jenkins BigPanda Notifier Plugin versiones 1.4.0 y anteriores, almacena la clave de la API de BigPanda sin cifrar en su archivo de configuración global en el controlador de Jenkins, donde pueden ser visualizados por los usuarios con acceso al sistema de archivos del controlador de Jenkins

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	GHSA	3.3	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N