PT-2022-4021 · Jenkins · Jenkins External Monitor Job Type Plugin

Daniel Beck

·

Published

2022-07-27

·

Updated

2023-11-22

·

CVE-2022-36886

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins External Monitor Job Type Plugin versions 191.v363d0d1efdf8 and earlier

Description

A cross-site request forgery (CSRF) vulnerability in the Jenkins External Monitor Job Type Plugin allows attackers to create runs of an external job. The plugin does not require POST requests for one of its HTTP endpoints, so the endpoint can be reached with a plain GET request, which Jenkins' CSRF protection (the crumb check applied to POST requests) does not cover. A page on an attacker-controlled site can therefore trigger the endpoint in the browser of a user who is logged in to Jenkins. No estimate of the number of affected instances and no reports of in-the-wild exploitation are provided.

Recommendations

For Jenkins External Monitor Job Type Plugin versions 191.v363d0d1efdf8 and earlier, update to version 192.ve979ca8b3ccd or later, which requires POST requests for the affected HTTP endpoint, thereby closing the CSRF vector.
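The following is an added illustration of the fix pattern the advisory describes, written for this page; it is not the plugin's own code. In a Jenkins plugin, a method named doXyz on a Stapler-bound object is served at <object URL>/xyz for any HTTP method unless it is annotated otherwise, and the CSRF crumb is only enforced on POST. The class name, method names and the URL in the comment are assumptions; the real fix adds the annotation to the existing handler so its URL does not change, and the two separate methods here exist only to show the before and after side by side.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Illustrative Stapler-bound job object. Class and method names are
// assumptions for this example, not the External Monitor Job Type Plugin's code.
public class ExampleExternalJob {

    private final List<Integer> runs = new ArrayList<>();

    // VULNERABLE pattern: no method restriction, so a plain GET reaches the
    // handler. Jenkins' crumb check applies to POST only, so a page on an
    // attacker's site can fire this with the victim's logged-in session, e.g.
    //   <img src="https://jenkins.example/job/ext/createRun">   (URL assumed)
    public void doCreateRun(StaplerRequest req, StaplerResponse rsp)
            throws IOException, ServletException {
        recordRun();
        rsp.sendRedirect(".");
    }

    // HARDENED pattern (the shape of the fix in 192.ve979ca8b3ccd):
    // @RequirePOST makes Stapler reject any non-POST request before the
    // method body runs, and the POST that does get through must carry a
    // valid crumb, which a cross-origin page cannot read.
    @RequirePOST
    public void doCreateRunHardened(StaplerRequest req, StaplerResponse rsp)
            throws IOException, ServletException {
        recordRun();
        rsp.sendRedirect(".");
    }

    // Stand-in for creating a run of the external job: records a new run number.
    private synchronized void recordRun() {
        runs.add(runs.size() + 1);
    }

    public synchronized int getRunCount() {
        return runs.size();
    }
}
```

To confirm the fix on a live instance after updating, request the affected endpoint with GET while logged in: Stapler answers a @RequirePOST method with HTTP 405 instead of running it, and a POST without a valid crumb is rejected by Jenkins' CSRF protection before the handler executes.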

Fix

CSRF


Weakness Enumeration

Related Identifiers

BDU:2022-04854
CVE-2022-36886
GHSA-6X63-HRXG-2HJX

Affected Products

Jenkins
Jenkins External Monitor Job Type Plugin