
CVE-2022-43413: Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins

CVSS Score: 4.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.22066%
Published: 10/19/2022
Updated: 1/4/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name: org.jenkins-ci.plugins:job-import-plugin
Ecosystem: maven
Vulnerable Versions: <= 3.5
First Patched Version: 3.6

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The commit diff for version 3.6 shows two HTTP endpoint handlers modified to add a Jenkins.get().hasPermission(JOB_IMPORT) check. Before this fix, neither performed an authorization check: 1) doFillCredentialIdItems populated a UI control with credential IDs, exposing them directly; 2) doFillJenkinsSitesItems revealed the configured Jenkins site entries. Because any user with Overall/Read permission could request these form-fill endpoints, credential IDs could be enumerated through the plugin's web interface components.
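The vulnerable and fixed shapes of such a form-fill handler, as an added illustration that is not the plugin's actual code: the class name, the injected permission object standing in for the plugin's JOB_IMPORT constant, and the credential type listed are assumptions; the Jenkins core and credentials-plugin APIs called are real.

```java
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.ListBoxModel;
import java.util.Collections;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical descriptor-style class; Stapler exposes doFill*Items methods
// as HTTP endpoints that populate dropdowns in the job configuration UI.
public class CredentialIdFormFill {

    // The plugin's JOB_IMPORT permission, supplied at construction time
    // (how the real plugin declares that constant is not shown on the page).
    private final Permission jobImport;

    public CredentialIdFormFill(Permission jobImport) {
        this.jobImport = jobImport;
    }

    // Shared lookup: lists every username/password credential visible to SYSTEM.
    private ListBoxModel listAllCredentialIds() {
        return new StandardListBoxModel()
                .includeEmptyValue()
                .includeMatchingAs(ACL.SYSTEM, Jenkins.get(),
                        StandardUsernamePasswordCredentials.class,
                        Collections.emptyList(), CredentialsMatchers.always());
    }

    // Before the fix (shape described in the root-cause analysis): no
    // authorization check, so any Overall/Read user requesting this endpoint
    // receives the full list of credential IDs.
    public ListBoxModel doFillCredentialIdItemsVulnerable() {
        return listAllCredentialIds();
    }

    // After the fix: require the plugin permission first. Callers lacking it
    // get back only the value already in the form (so saved configuration is
    // not clobbered) and learn nothing about other stored credentials.
    public ListBoxModel doFillCredentialIdItemsFixed(@QueryParameter String credentialId) {
        if (!Jenkins.get().hasPermission(jobImport)) {
            return new StandardListBoxModel().includeCurrentValue(credentialId);
        }
        return listAllCredentialIds();
    }
}
```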


WAF Protection Rules

WAF Rule

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in Job
