Lucene search

JenkinsCVELIST:CVE-2022-25210

HistoryFeb 15, 2022 - 4:11 p.m.

CVE-2022-25210

2022-02-1516:11:48

jenkins

www.cve.org

jenkins

convertigo mobile platform

plugin

passwords

static fields

item/configure permission

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.

CNA Affected

[
  {
    "product": "Jenkins Convertigo Mobile Platform Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2280