CVE-2022-34207Cross-Site Request Forgery in Project Jenkins Beaker Builder Plugin

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 80.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Beaker Builder PluginJenkins Beaker Builder
Timeline
PublishedJun 23
Latest updateJun 24

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_beaker_builder_pluginunspecified1.10

🔴Vulnerability Details

3
GHSA
Cross-Site Request Forgery in Jenkins Beaker builder Plugin2022-06-24
OSV
Cross-Site Request Forgery in Jenkins Beaker builder Plugin2022-06-24
CVEList
CVE-2022-34207: A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 12022-06-22

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-06-222022-06-22
CVE-2022-34207 — Cross-Site Request Forgery | cvebase