Cross-Site Request Forgery Vulnerability in Jenkins Script Security Plugin by Jenkins
CVE-2022-30946
4.3 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 17 May 2022
What is CVE-2022-30946?
A cross-site request forgery vulnerability exists in the Jenkins Script Security Plugin, allowing attackers to manipulate the server into sending unauthorized HTTP requests to a web server of their choice. This could lead to unauthorized actions being performed within the Jenkins environment, potentially compromising the integrity and confidentiality of the impacted systems. It is crucial for users of the affected versions to apply the necessary security updates to mitigate this risk.
Affected Version(s)
Jenkins Script Security Plugin <= 1158.v7c1b_73a_69a_08
Jenkins Script Security Plugin 1.78.1
Jenkins Script Security Plugin 1145.1148.vf6d17a_a_a_eef6