vulnerability

Jenkins Advisory 2022-09-21: CVE-2022-41255: API token stored in plain text by CONS3RT Plugin

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:C/I:N/A:N)	Sep 22, 2022	Sep 22, 2022	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:N)

Published

Sep 22, 2022

Added

Sep 22, 2022

Modified

Mar 27, 2026

Description

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Solution

jenkins-upgrade-2_370

References

CVE-2022-41255
https://attackerkb.com/topics/CVE-2022-41255
CWE-522
EUVD-EUVD-2022-6803
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-6803
https://jenkins.io/security/advisory/2022-09-21/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today