CVE-2022-36920

Name of the Vulnerable Software and Affected Versions Jenkins Coverity Plugin versions 1.11.4 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenkins. This can be exploited by a remote attacker to perform a CSRF attack.

Recommendations For Jenkins Coverity Plugin versions 1.11.4 and earlier, consider disabling the plugin until a patch is available to prevent potential CSRF attacks. Restrict access to sensitive credentials and URLs to minimize the risk of exploitation.