CVE-2022-30946
published 2022-05-17CVE-2022-30946: A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | application_detector_plugin | — | — |
| jenkins | autocomplete_parameter_plugin | — | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | global_variable_string_parameter_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | http_requests_in_script_security_plugin | — | — |
| jenkins | jdk_parameter_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | multiselect_parameter_plugin | — | — |
| jenkins | random_string_parameter_plugin | — | — |
| jenkins | repo_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | script_security | < 1172.v35f6a_0b_8207e | 1172.v35f6a_0b_8207e |
| jenkins | script_security_plugin | — | — |
| jenkins | selection_tasks_plugin | — | — |
| jenkins | ssh_plugin | — | — |
| jenkins | storable_configs_plugin | — | — |
| jenkins | while_credentials_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | unspecified – 1158.v7c1b_73a_69a_08 | — |