GHSA-mrf6-4gw6-65v3, CVE-2022-41242
maven/org.jenkins-ci.plugins/extreme-feedback
Missing Authorization
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.
All versions up to 1.7
Unfortunately, there is no solution available yet.
2022-09-27
source |