CVE-2022-36906

Name of the Vulnerable Software and Affected Versions Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier

Description A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified username and password. This issue arises because the plugin does not perform a permission check in a method implementing form validation, and this method does not require POST requests. The vulnerability can be exploited by a remote attacker to perform a CSRF attack.

Recommendations For Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier, consider disabling the form validation method until a patch is available to prevent exploitation of the CSRF vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.