CVE-2022-36911

Name of the Vulnerable Software and Affected Versions Jenkins Openstack Heat Plugin versions 1.5 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL. The issue is related to the lack of permission checks in methods implementing form validation, which do not require POST requests. This enables a remote attacker to perform a CSRF attack.

Recommendations For Jenkins Openstack Heat Plugin versions 1.5 and earlier, consider disabling the form validation methods until a patch is available to prevent exploitation of the CSRF vulnerability. Restrict access to the plugin's functionality to minimize the risk of attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.