CVE-2022-34208

Name of the Vulnerable Software and Affected Versions Jenkins Beaker builder Plugin versions 1.10 and earlier

Description A missing permission check in the Jenkins Beaker builder Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also results in a cross-site request forgery (CSRF) vulnerability because the form validation method does not require POST requests.

Recommendations For Jenkins Beaker builder Plugin versions 1.10 and earlier, as a temporary workaround, consider restricting access to the plugin's form validation method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.