CVE-2022-34782

Name of the Vulnerable Software and Affected Versions Jenkins requests-plugin Plugin versions 2.2.16 and earlier

Description An incorrect permission check in the Jenkins requests-plugin Plugin allows attackers with Overall/Read permission to view the list of pending requests. This issue is similar to a previously reported vulnerability, whose fix was ineffective. The plugin requires Overall/Administer permission to view the list of pending requests in version 2.2.17.

Recommendations For Jenkins requests-plugin Plugin versions 2.2.16 and earlier, update to version 2.2.17 or later, which requires Overall/Administer permission to view the list of pending requests. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.