Cross-Site Request Forgery in Jenkins Autonomiq Plugin
CVE-2022-25194

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Autonomiq Plugin
Vendor: CVE Published:; 15 February 2022

What is CVE-2022-25194?

A vulnerability in the Jenkins Autonomiq Plugin allows attackers to initiate unauthorized actions by leveraging cross-site request forgery techniques. This flaw enables the manipulation of server connections using attacker-defined URLs and credentials, thereby posing a significant risk to affected systems. Users of Jenkins Autonomiq Plugin versions 1.15 and earlier should review their configurations and apply necessary security practices to mitigate potential exploitation.

Affected Version(s)

Jenkins autonomiq Plugin <= 1.15

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Feb 15, 2022