PT-2022-22077 · Jenkins · Jenkins Beaker Builder Plugin+1
Justin Philip
·
Published
2022-06-22
·
Updated
2023-11-03
·
CVE-2022-34207
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Beaker builder Plugin versions 1.10 and earlier
Description
A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL. This can be exploited by attackers to perform unauthorized actions.
Recommendations
For Jenkins Beaker builder Plugin versions 1.10 and earlier, update to a version later than 1.10 to resolve the issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Beaker Builder Plugin