Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin
CVE-2022-30969

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Autocomplete Parameter Plugin
Vendor: CVE Published:; 17 May 2022

What is CVE-2022-30969?

A Cross-Site Request Forgery vulnerability exists in the Jenkins Autocomplete Parameter Plugin version 1.1 and earlier, allowing attackers to perform unauthorized actions on behalf of an administrator. When exploited, this flaw enables an attacker to execute arbitrary code within the Jenkins environment, bypassing sandbox protections. This underscores the critical need for Jenkins users to adopt secure configurations and apply the latest updates to mitigate such risks.

Affected Version(s)

Jenkins Autocomplete Parameter Plugin <= 1.1

References

https://www.jenkins.io/security/advisory/2022-05-17/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
May 16, 2022