PT-2022-4025 · Jenkins · Jenkins OpenShift Deployer Plugin

Daniel Beck · Published 2022-07-27 · Updated 2023-11-02 · CVE-2022-36907

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier

Description: The plugin does not perform a permission check, which allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password. This can allow unauthorized access to protected information.

Recommendations: For Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier, consider disabling the plugin until a patch is available, so that the missing permission check cannot be exploited. As a temporary workaround, restrict access to the plugin's functionality to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authorization

Related Identifiers

BDU:2022-04858
CVE-2022-36907
GHSA-JVJH-9R4Q-8Q5Q

Affected Products

Jenkins
Jenkins Openshift Deployer Plugin