CVE-2022-25207

Name of the Vulnerable Software and Affected Versions Jenkins Chef Sinatra Plugin versions 1.20 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and parse an XML response. The plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to exploit this issue. Furthermore, the plugin's XML parser is not configured to prevent XML external entity (XXE) attacks, enabling attackers to extract secrets from the Jenkins controller or perform server-side request forgery. The form validation method is also vulnerable to CSRF attacks as it does not require POST requests.

Recommendations For Jenkins Chef Sinatra Plugin versions 1.20 and earlier, as a temporary workaround, consider disabling the form validation method until a patch is available. Restrict access to the plugin's XML parser to minimize the risk of XXE attacks. Avoid using the plugin to parse XML responses from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.