Missing Permission Check in Jenkins Worksoft Execution Manager Plugin
CVE-2022-41246

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Worksoft Execution Manager Plugin
Vendor: CVE Published:; 21 September 2022

What is CVE-2022-41246?

The Worksoft Execution Manager Plugin for Jenkins is susceptible to a missing permission check, which could allow users with Overall/Read permission to exploit the vulnerability. This enables attackers to connect to a URL specified by them, using credential IDs that can be acquired through other means. By doing so, they can capture sensitive credentials stored within Jenkins, posing significant risks to systems and data integrity.

Affected Version(s)

Jenkins Worksoft Execution Manager Plugin <= 10.0.3.503

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Sep 21, 2022