PT-2022-22369 · Jenkins · Jenkins Failed Job Deactivator Plugin
Long Nguyen · Published 2022-06-30 · Updated 2023-11-22
CVE-2022-34817
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Failed Job Deactivator Plugin versions 1.2.1 and earlier
Jenkins versions 2.286 and earlier
Jenkins LTS versions 2.277.1 and earlier
Description
A cross-site request forgery (CSRF) vulnerability allows attackers to disable jobs. The issue is only exploitable on the affected Jenkins core versions listed above.
Recommendations
For Jenkins Failed Job Deactivator Plugin versions 1.2.1 and earlier, update to a version later than 1.2.1.
For Jenkins versions 2.286 and earlier, update to a version later than 2.286.
For Jenkins LTS versions 2.277.1 and earlier, update to a version later than 2.277.1.
Fix
CSRF
Affected Products
Jenkins
Jenkins Failed Job Deactivator Plugin