CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41245

A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237

Products affected by CVE-2022-41245

Jenkins » Worksoft Execution Manager » Version: 10.0.0.7

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.0.7
Jenkins » Worksoft Execution Manager » Version: 10.0.1.19

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.1.19
Jenkins » Worksoft Execution Manager » Version: 10.0.2.27

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.2.27
Jenkins » Worksoft Execution Manager » Version: 10.0.3.503

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.3.503

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41245

Products

Pricing

Contact Us