CVE-2022-43418

Name of the Vulnerable Software and Affected Versions Jenkins Katalon Plugin versions 1.0.33 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue arises because the Katalon Plugin does not require POST requests for several HTTP endpoints.

Recommendations For versions 1.0.33 and earlier, update to version 1.0.34 or later, which requires POST requests for the affected HTTP endpoints, mitigating the CSRF vulnerability.