CVE-2022-41248 - OpenCVE

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Jenkins	Bigpanda Notifier

Configuration 1 [-]

cpe:2.3:a:jenkins:bigpanda_notifier:*:*:*:*:*:jenkins:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/09/21/5	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2022-09-21T15:46:06

Updated: 2023-10-24T14:25:17.396Z

Reserved: 2022-09-21T00:00:00

Link: CVE-2022-41248

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-21T16:15:11.277

Modified: 2023-11-01T21:08:21.113

Link: CVE-2022-41248

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"containers": {"cna": {"affected": [{"product": "Jenkins BigPanda Notifier Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "1.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.4.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:25:17.396Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243"}, {"name": "[oss-security] 20220921 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2022-41248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins BigPanda Notifier Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.4.0"}, {"version_affected": "?>", "version_value": "1.4.0"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-549: Missing Password Field Masking"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243"}, {"name": "[oss-security] 20220921 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/21/5"}]}}}}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-41248", "datePublished": "2022-09-21T15:46:06", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2023-10-24T14:25:17.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}