Cross-Site Request Forgery in Jenkins Publish Over FTP Plugin
CVE-2022-29050

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Publish Over Ftp Plugin
Vendor: CVE Published:; 12 April 2022

Summary

The Jenkins Publish Over FTP Plugin prior to version 1.17 is susceptible to a cross-site request forgery (CSRF) vulnerability. This issue enables attackers to send unauthorized commands to the application, potentially allowing them to connect to an FTP server using credentials of their choosing. As attackers can leverage this vulnerability to initiate actions on behalf of unsuspecting users, it poses a significant risk to affected systems. Users are advised to upgrade to the latest version to mitigate this security risk.

Affected Version(s)

Jenkins Publish Over FTP Plugin <= 1.16

References

https://www.jenkins.io/security/advisory/2022-04-12/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Apr 11, 2022