CVE-2022-30946: Cross-Site Request Forgery in Jenkins Script Security

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 74.39%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 17
Latest update: May 18

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | jenkins_project/jenkins_script_security_plugin | unspecified | 1158.v7c1b_73a_69a_08
NVD | jenkins/script_security | < 1172.v35f6a_0b_8207e

🔴 Vulnerability Details (3)

GHSA: CSRF vulnerability in Jenkins Script Security Plugin (2022-05-18)
OSV: CSRF vulnerability in Jenkins Script Security Plugin (2022-05-18)
CVEList: CVE-2022-30946: A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158 (2022-05-17)

📋 Vendor Advisories (2)

Jenkins: Jenkins Security Advisory 2022-05-17 (2022-05-17)
Red Hat: plugin: CSRF vulnerability in Script Security Plugin (2022-05-17)