vulnerability

Jenkins Advisory 2022-09-21: CVE-2022-41245: CVE-2022-41246: CSRF vulnerability and missing permission check in Worksoft Execution Manager Plugin allow capturing credentials

Try Surface Command
Back to search
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Sep 22, 2022
Added
Sep 22, 2022
Modified
Aug 11, 2025

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Solution

jenkins-upgrade-2_370

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today