CVE-2022-30953
published 2022-05-17CVE-2022-30953: A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | application_detector_plugin | — | — |
| jenkins | autocomplete_parameter_plugin | — | — |
| jenkins | blue_ocean | <= 1.25.3 | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | global_variable_string_parameter_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | http_requests_in_script_security_plugin | — | — |
| jenkins | jdk_parameter_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | multiselect_parameter_plugin | — | — |
| jenkins | random_string_parameter_plugin | — | — |
| jenkins | repo_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | selection_tasks_plugin | — | — |
| jenkins | ssh_plugin | — | — |
| jenkins | storable_configs_plugin | — | — |
| jenkins | while_credentials_plugin | — | — |
| jenkins_project | jenkins_blue_ocean_plugin | unspecified – 1.25.3 | — |