CSRF Vulnerability in Kubernetes Continuous Deploy Plugin by Jenkins
CVE-2022-27210

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Kubernetes Continuous Deploy Plugin
Vendor: CVE Published:; 15 March 2022

Summary

A cross-site request forgery (CSRF) vulnerability exists in the Kubernetes Continuous Deploy Plugin for Jenkins, which could allow attackers to leverage attacker-specified credentials IDs to connect to malicious SSH servers. This vulnerability effectively enables unauthorized access to sensitive credentials stored in Jenkins, raising significant security concerns for users of the affected plugin versions. It is crucial for Jenkins users to update to the latest plugin version to mitigate potential security risks.

Affected Version(s)

Jenkins Kubernetes Continuous Deploy Plugin <= 2.3.1

References

https://www.jenkins.io/security/advisory/2022-03-15/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/03/15/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2022
Vulnerability Reserved
Mar 15, 2022