CVE-2022-28152 — Cross-Site Request Forgery in Project Jenkins JOB AND Node Ownership Plugin
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 65.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 29
Latest updateMar 30
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4