CVE-2022-36911

CWE-352Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 78.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Openstack Heat PluginJenkins Openstack Heat
Timeline
PublishedJul 27
Latest updateJul 28

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_openstack_heat_pluginunspecified1.5

🔴Vulnerability Details

3
GHSA
CSRF vulnerability in Jenkins openstack-heat Plugin2022-07-28
OSV
CSRF vulnerability in Jenkins openstack-heat Plugin2022-07-28
CVEList
CVE-2022-36911: A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 12022-07-27

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-07-272022-07-27
CVE-2022-36911 (MEDIUM CVSS 6.5) | A cross-site request forgery (CSRF) | cvebase.io