Cross-Site Request Forgery Vulnerability in Jenkins SCP Publisher Plugin
CVE-2022-25198
8.8 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 15 February 2022
Summary
The SCP Publisher Plugin for Jenkins has a cross-site request forgery vulnerability that enables attackers to force the plugin to connect to an SSH server of their choice using credentials provided by the attacker. This flaw poses significant risks as it allows unauthorized access and actions on behalf of authenticated users, potentially leading to data breaches or compromise of the Jenkins environment.
Affected Version(s)
Jenkins SCP Publisher Plugin <= 1.8
References
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved