{"api_version":"1","generated_at":"2026-04-23T01:15:13+00:00","cve":"CVE-2022-41247","urls":{"html":"https://cve.report/CVE-2022-41247","api":"https://cve.report/api/cve/CVE-2022-41247.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-41247","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-41247"},"summary":{"title":"CVE-2022-41247","description":"Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2022-09-21 16:15:00","updated_at":"2023-11-13 20:57:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243","name":"https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243","refsource":"CONFIRM","tags":[],"title":"Jenkins Security Advisory 2022-09-21","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-41247","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41247","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"41247","vulnerable":"1","versionEndIncluding":"1.4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"bigpanda_notifier","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-41247","qid":"730618","title":"Jenkins Cross-Site Scripting (XSS) Vulnerability (Jenkins Security Advisory 2022-09-21)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-41247","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins BigPanda Notifier Plugin","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"lessThanOrEqual":"1.4.0","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"unknown","version":"next of 1.4.0","versionType":"custom"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243","refsource":"MISC","name":"https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243"}]}},"nvd":{"publishedDate":"2022-09-21 16:15:00","lastModifiedDate":"2023-11-13 20:57:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:bigpanda_notifier:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.4.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}