CVE-2022-34211

Name of the Vulnerable Software and Affected Versions Jenkins vRealize Orchestrator Plugin versions 3.0 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to send an HTTP POST request to an attacker-specified URL. This issue enables attackers to perform unauthorized actions on behalf of the user.

Recommendations For Jenkins vRealize Orchestrator Plugin versions 3.0 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to sensitive areas of the application to minimize the risk of unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.