GHSA-mrf6-4gw6-65v3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mrf6-4gw6-65v3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-mrf6-4gw6-65v3/GHSA-mrf6-4gw6-65v3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mrf6-4gw6-65v3
- Aliases
-
- CVE-2022-41242
- Published
- 2022-09-22T00:00:28Z
- Modified
- 2024-02-19T05:31:20.601804Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Jenkins extreme-feedback Plugin vulnerable to Missing Authorization
- Details
-
Jenkins extreme-feedback Plugin 1.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.
As of publication of this advisory, there is no fix.
- Database specific
{ "nvd_published_at": "2022-09-21T16:15:00Z", "cwe_ids": [ "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-23T13:32:15Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:extreme-feedback
Package
- Name
- org.jenkins-ci.plugins:extreme-feedback
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/extreme-feedback