CVE-2022-43413EPSS p41.0%
CVE-2022-43413CVE-2022-43413
jenkins / job_import
Description
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Scoring
| CVSS | 4.3 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| EPSS | 0.54% probability of exploitation · percentile 41.0% · 2026-06-18T12:00:27Z |
| Last modified | 2026-06-17 |