CVE-2022-41242

Summary

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins extreme-feedback Pluginunspecified <= 1.7affected
Jenkins projectJenkins extreme-feedback Pluginnext of 1.7 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References