PT-2022-20400 · Jenkins · Jenkins Script Security Plugin

Published 2022-05-17 · Updated 2023-12-22 · CVE-2022-30946

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier

Description
A cross-site request forgery (CSRF) vulnerability allows attackers to have Jenkins send an HTTP request to an attacker-specified web server. The affected plugin exposes an HTTP endpoint that does not require POST requests. Jenkins applies its CSRF protection (the crumb check) only to POST requests, so an attacker who gets a logged-in Jenkins user to open a page under their control can make the victim's browser issue a GET request to that endpoint, and the Jenkins controller then connects to the attacker-chosen host. Because the request originates from the controller, it can reach hosts on the controller's network that the attacker cannot reach directly; the attacker sees the request arrive at their server but obtains no Jenkins data, which is why the vector rates the impact as C:N/I:L.

Recommendations
Update Jenkins Script Security Plugin to a release that addresses CVE-2022-30946; the Jenkins security advisory of 2022-05-17 states that the fixed release requires POST requests for the affected HTTP endpoint. Disabling the plugin is not a practical workaround, since Script Security is a dependency of Pipeline and many other plugins. Additionally, keep Jenkins' CSRF protection enabled and restrict network access to the Jenkins web interface, so that fewer browsers can be coerced into sending requests to it.
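To make the fix pattern concrete, here is an added example written in the style of a Jenkins plugin form-validation method. It is not code from the Script Security Plugin; the class and method names (RemoteScriptSourceValidation, doCheckUrl, doCheckUrlUnsafe) and the URL probe are hypothetical. It places a Stapler web method that is reachable by GET next to the hardened form that uses @RequirePOST and a permission check.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

/**
 * Hypothetical Jenkins descriptor-style class used only to illustrate the
 * CSRF fix pattern; it is not the Script Security Plugin's real code.
 */
public class RemoteScriptSourceValidation {

    // VULNERABLE PATTERN: a Stapler web method ("do" prefix) that accepts GET.
    // Jenkins applies its CSRF crumb check only to POST requests, so an attacker
    // page containing
    //   <img src="https://jenkins.example/.../doCheckUrlUnsafe?value=http://attacker.example/">
    // makes a logged-in victim's browser hit this endpoint, and the Jenkins
    // controller then connects to the attacker-chosen URL.
    public FormValidation doCheckUrlUnsafe(@QueryParameter String value) throws IOException {
        return probe(value);
    }

    // FIXED PATTERN: @RequirePOST makes Stapler reject non-POST requests, so the
    // request must be a POST carrying a valid crumb, which a cross-site page
    // cannot obtain. The permission check additionally limits who may trigger
    // an outbound request from the controller at all.
    @RequirePOST
    public FormValidation doCheckUrl(@QueryParameter String value) throws IOException {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(value);
    }

    // Hypothetical reachability probe: the endpoint's purpose is to tell the
    // user whether the configured URL responds. This is the outbound request
    // that CVE-2022-30946 lets an attacker trigger cross-site.
    private static FormValidation probe(String value) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(value).openConnection();
        conn.setRequestMethod("HEAD");
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(3000);
        int code = conn.getResponseCode();
        return code < 400 ? FormValidation.ok() : FormValidation.error("HTTP " + code);
    }
}
```

Requiring POST closes the cross-site trigger, because Jenkins only issues crumbs to pages it serves and checks them on POST. The permission check is a separate control worth keeping: even with CSRF fixed, an endpoint that connects to a user-supplied URL is an outbound-request primitive from the controller, so it should be reserved for users trusted to configure such sources.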

Fix

The fix requires POST requests for the affected HTTP endpoint, so a request to it must carry a valid CSRF crumb and can no longer be forged from a cross-site GET.

Weakness Enumeration

CSRF (CWE-352)

Related Identifiers

CVE-2022-30946
GHSA-QWGX-MRV5-87J8
RHSA-2023:0017
RHSA-2023:0560
RHSA-2023:0777

Affected Products

Jenkins
Jenkins Script Security Plugin