CVE-2022-43417

CVSS v3.1 4.3 (Medium)

EPSS 0.05 % (23^th)

Affected Products 1

Advisories 2

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-10-19 16:15:11
(23 months ago)
Updated Date: 2023-11-01 20:43:40
(10 months ago)

Affected Products

Jenkins

Katalon

Configuration #1

		CPE23	From	Up To
	Jenkins Katalon for Jenkins prior 1.0.33 version	cpe:2.3:a:jenkins:katalon::::::jenkins		< 1.0.33