CVE-2022-34204

Name of the Vulnerable Software and Affected Versions Jenkins EasyQA Plugin versions 1.0 and earlier

Description A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. The form validation method is also vulnerable to cross-site request forgery (CSRF) as it does not require POST requests.

Recommendations For Jenkins EasyQA Plugin versions 1.0 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the plugin's form validation method to minimize the risk of exploitation. Additionally, restrict the Overall/Read permission to prevent attackers from connecting to an attacker-specified HTTP server.