CSRF Vulnerability in Jenkins Snow Commander Plugin
CVE-2022-25192

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Snow Commander Plugin
Vendor: CVE Published:; 15 February 2022

What is CVE-2022-25192?

A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Snow Commander Plugin version 1.10 and earlier. This flaw allows attackers to send unauthorized requests to the Jenkins server, potentially leading to credential theft. By leveraging this vulnerability, attackers can connect to a malicious web server using credentials obtained through other means, compromising the security of Jenkins user accounts.

Affected Version(s)

Jenkins Snow Commander Plugin <= 1.10

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Feb 15, 2022