CVE-2022-25205

Name of the Vulnerable Software and Affected Versions Jenkins dbCharts Plugin versions 0.5.2 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.

Recommendations For Jenkins dbCharts Plugin versions 0.5.2 and earlier, update to a version later than 0.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the Jenkins instance to minimize the risk of exploitation.