Cross-Site Request Forgery Vulnerability in Jenkins Convertigo Mobile Platform Plugin
CVE-2022-34200

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Convertigo Mobile Platform Plugin
Vendor: CVE Published:; 23 June 2022

Summary

A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Convertigo Mobile Platform Plugin version 1.1 and earlier. This vulnerability allows attackers to forge requests that could lead users to unknowingly connect to an attacker-specified URL, which could compromise sensitive data and potentially lead to unauthorized actions on behalf of the user.

Affected Version(s)

Jenkins Convertigo Mobile Platform Plugin <= 1.1

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 21, 2022