CVE-2022-30969 — Cross-Site Request Forgery in Project Jenkins Autocomplete Parameter Plugin

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 70.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Autocomplete Parameter Plugin Jenkins Autocomplete Parameter

Timeline

PublishedMay 17

Latest updateMay 18

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_autocomplete_parameter_pluginunspecified — 1.1

▶NVDjenkins/autocomplete_parameter1.1

🔴Vulnerability Details

OSV

Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin↗2022-05-18

▶

GHSA

Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin↗2022-05-18

▶

CVEList

CVE-2022-30969: A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1↗2022-05-17

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-05-17↗2022-05-17

▶