PT-2022-22340 · Jenkins · Jenkins Matrix Reloaded Plugin

github.com/jetersen · Published 2022-06-30 · Updated 2023-11-03 · CVE-2022-34789

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier

Description
A cross-site request forgery (CSRF) vulnerability allows attackers to rebuild previous matrix builds. The issue arises because the plugin does not require POST requests for an HTTP endpoint, so the endpoint can be triggered by a request that a victim's browser sends from a third-party site, making it vulnerable to CSRF.

Recommendations
For Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier, consider disabling the rebuild functionality for matrix builds until a patch is available. Restrict access to the affected HTTP endpoint to minimize the risk of exploitation. As a temporary workaround, ensure that all rebuild requests are validated to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

CSRF

Related Identifiers

CVE-2022-34789
GHSA-4V5C-5V6C-37PJ

Affected Products

Jenkins
Jenkins Matrix Reloaded Plugin