cbcvebase.
CVE-2022-36920
published 2022-07-27

CVE-2022-36920: A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
jenkinsandroid_signing_plugin
jenkinsbmc_ami_devx_code_debug_code_coverage_plugin
jenkinsbmc_ami_devx_code_pipeline_operations_plugin
jenkinsbuckminster_plugin
jenkinsclif_performance_testing_plugin
jenkinscode_pipeline_plugin
jenkinscompuware_topaz_utilities_plugin
jenkinscoverity<= 1.11.4
jenkinscoverity_plugin
jenkinsdeployer_framework_plugin
jenkinsdynamic_extended_choice_parameter_plugin
jenkinsexternal_monitor_job_type_plugin
jenkinsfiles_found_trigger_plugin
jenkinsfor_more_information_see_the_plugin
jenkinsgit_client_plugin
jenkinsgit_plugin
jenkinsgithub_plugin
jenkinsgoogle_cloud_backup_plugin
jenkinshashicorp_vault_plugin
jenkinshttp_request_plugin
jenkinsjenkins_ci_server_plugin
jenkinsjob_configuration_history_plugin
jenkinslack_of_authentication_mechanism_in_git_plugin
jenkinslucene-search_plugin
jenkinsmaven_metadata_plugin