CVE-2022-41248

Summary

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins BigPanda Notifier Pluginunspecified <= 1.4.0affected
Jenkins projectJenkins BigPanda Notifier Pluginnext of 1.4.0 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References