#VU67605 Missing Authorization in extreme-feedback - CVE-2022-41242

 

Published: September 23, 2022


Vulnerability identifier: #VU67605
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-41242
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: extreme-feedback
Software vendor: Jenkins

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected plugin does not perform a permission check in an HTTP endpoint. A remote user can discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps and rename lamps.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
