Vulnerability: Information Disclosure and Lamp Manipulation in Jenkins extreme-feedback Plugin

CVE-2022-41242 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.