CVE-2022-34206

Name of the Vulnerable Software and Affected Versions Jenkins Jianliao Notification Plugin versions 1.1 and earlier

Description A missing permission check in the plugin allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. This issue also results in a cross-site request forgery (CSRF) vulnerability, as the form validation method does not require POST requests.

Recommendations For Jenkins Jianliao Notification Plugin versions 1.1 and earlier, as a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.