CVE-2022-41232

CWE-352Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
8.0HIGH
EPSS
0.0%
top 88.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Build-publisher PluginJenkins Build-publisher
Timeline
PublishedSep 21
Latest updateSep 22

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_build-publisher_pluginunspecified1.22

🔴Vulnerability Details

3
GHSA
Jenkins build-publisher plugin vulnerable to cross-site request forgery2022-09-22
OSV
Jenkins build-publisher plugin vulnerable to cross-site request forgery2022-09-22
CVEList
CVE-2022-41232: A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 12022-09-21

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-09-212022-09-21
CVE-2022-41232 (HIGH CVSS 8) | A cross-site request forgery (CSRF) | cvebase.io