CVE-2022-41232

Name of the Vulnerable Software and Affected Versions Jenkins Build-Publisher Plugin versions 1.22 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.

Recommendations For Jenkins Build-Publisher Plugin versions 1.22 and earlier, as a temporary workaround, consider restricting access to the API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.