PT-2022-20408 · Jenkins · Jenkins Blue Ocean Plugin

Tanner Emek · Published 2022-05-17 · Updated 2023-11-03 · CVE-2022-30953

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.25.3 and earlier

Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified HTTP server. It is exploited by making the victim's browser send an unintended request to the affected HTTP endpoints. The fixed version, Blue Ocean Plugin 1.25.4, mitigates the issue by requiring POST requests and the appropriate permissions for the affected endpoints.

Recommendations: For Jenkins Blue Ocean Plugin versions 1.25.3 and earlier, update to version 1.25.4 or later, which requires POST requests and the appropriate permissions for the affected HTTP endpoints, thus mitigating the CSRF issue.
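As an added illustration (not Blue Ocean's own code), the following hypothetical Jenkins Stapler web method is shown in the vulnerable shape the advisory describes and in the hardened shape the fix applies: the endpoint only accepts POST (so Jenkins's crumb check applies) and verifies a permission before connecting anywhere. The class, method and URL names are assumptions for the example.

```java
import hudson.model.RootAction;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

/** Hypothetical action exposing a "can Jenkins reach this server?" check. */
public class ServerCheckAction implements RootAction {

    // Vulnerable shape (the pattern the advisory describes): reachable by a
    // plain GET with no permission check, so a cross-site request issued by a
    // victim's browser makes the Jenkins server connect to any URL named in it.
    public FormValidation doCheckServerUrlUnsafe(@QueryParameter String url) {
        return probe(url);
    }

    // Hardened shape (what the fixed version does for its endpoints): @RequirePOST
    // rejects GET and lets Jenkins's CSRF crumb check apply to the request, and
    // checkPermission rejects callers who are not allowed to trigger the probe.
    @RequirePOST
    public FormValidation doCheckServerUrl(@QueryParameter String url) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return probe(url);
    }

    private static FormValidation probe(String url) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
            c.setConnectTimeout(5000);
            c.setRequestMethod("HEAD");
            int status = c.getResponseCode();
            return FormValidation.ok("Server answered with HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error("Could not connect: " + e.getMessage());
        }
    }

    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "server-check"; }
}
```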

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-30953
GHSA-HGPQ-42PF-9VFQ
RHSA-2023:0017
RHSA-2023:0560
RHSA-2023:0777
RHSA-2023:3198
RHSA-2023:3610
RHSA-2023:3622

Affected Products

Jenkins
Jenkins Blue Ocean Plugin