PT-2022-4029 · Jenkins · Jenkins Job Configuration History Plugin

Wadeck Follonier · Published 2022-07-27 · Updated 2023-11-22 · CVE-2022-36887

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1155.v28a46acc06a5 and earlier
Description: The issue is a cross-site request forgery (CSRF) vulnerability. A remote attacker can exploit it by inducing an authenticated user's browser to send a crafted request, which lets the attacker delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.
Recommendations: For Jenkins Job Configuration History Plugin versions 1155.v28a46acc06a5 and earlier, update to version 1156.v536a97b8d649 or later, which requires POST requests for the affected HTTP endpoints and thereby mitigates the CSRF vulnerability. At the moment there is no information about additional mitigation measures for this vulnerability.
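As an added illustration of the pattern behind the fix (example code, not the plugin's own source), the following Jenkins plugin action shows a state-changing Stapler web method in its vulnerable shape, reachable via GET and therefore outside Jenkins' CSRF crumb check, beside the hardened shape annotated with Stapler's `@RequirePOST`. The class name, method names, `HistoryStore` interface and the `ADMINISTER` permission are hypothetical placeholders.

```java
import hudson.model.Action;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/** Hypothetical action exposing configuration-history entries (placeholder, not the plugin's code). */
public class ConfigHistoryAction implements Action {

    /** Hypothetical backing store for history entries. */
    public interface HistoryStore { void delete(String timestamp); }

    private final HistoryStore history;

    public ConfigHistoryAction(HistoryStore history) { this.history = history; }

    // VULNERABLE SHAPE: no HTTP-method restriction, so a plain GET to
    // .../configHistory/deleteEntryUnsafe?timestamp=... is honoured. Jenkins applies its
    // CSRF crumb validation only to POST requests, so a cross-site GET issued by an
    // authenticated user's browser reaches this method with that user's session.
    public HttpResponse doDeleteEntryUnsafe(@QueryParameter String timestamp) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // authorization alone does not stop CSRF
        history.delete(timestamp);
        return HttpResponses.redirectToDot();
    }

    // FIXED SHAPE: @RequirePOST makes Stapler reject any method other than POST, which
    // brings the request under Jenkins' crumb check; a cross-origin page cannot obtain
    // a valid crumb, so the forged request is refused before the deletion runs.
    @RequirePOST
    public HttpResponse doDeleteEntry(@QueryParameter String timestamp) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        history.delete(timestamp);
        return HttpResponses.redirectToDot();
    }

    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return "Configuration history"; }
    @Override public String getUrlName() { return "configHistory"; }
}
```

When auditing a plugin for this class of issue, every `do*` method that mutates state should carry `@RequirePOST` (or `@POST`) in addition to its permission check.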

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2022-04862
CVE-2022-36887
GHSA-J896-J72W-CR32

Affected Products

Jenkins
Jenkins Job Configuration History Plugin