Vulnerabilities > CVE-2022-43431 - Missing Authorization vulnerability in Jenkins Compuware Strobe Measurement

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2022-10-19

Updated: 2024-11-21

Summary

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Compuware Strobe Measurement *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.openwall.com/lists/oss-security/2022/10/19/3
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631