CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41246

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2237

Products affected by CVE-2022-41246

Jenkins » Worksoft Execution Manager » Version: 10.0.0.7

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.0.7
Jenkins » Worksoft Execution Manager » Version: 10.0.1.19

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.1.19
Jenkins » Worksoft Execution Manager » Version: 10.0.2.27

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.2.27
Jenkins » Worksoft Execution Manager » Version: 10.0.3.503

cpe:2.3:a:jenkins:worksoft_execution_manager:10.0.3.503

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41246

Products

Pricing

Contact Us