CVE-2022-25207Cross-Site Request Forgery in Project Jenkins Chef Sinatra Plugin

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 77.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Chef Sinatra PluginJenkins Chef Sinatra
Timeline
PublishedFeb 15
Latest updateFeb 16

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_chef_sinatra_pluginunspecified1.20

🔴Vulnerability Details

3
GHSA
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE2022-02-16
OSV
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE2022-02-16
CVEList
CVE-2022-25207: A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 12022-02-15

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-02-152022-02-15
CVE-2022-25207 — Cross-Site Request Forgery | cvebase