Cross-Site Request Forgery Vulnerability in Jenkins Beaker Builder Plugin
CVE-2022-34207

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Beaker Builder Plugin
Vendor: CVE Published:; 22 June 2022

Summary

A cross-site request forgery (CSRF) vulnerability exists in Jenkins Beaker Builder Plugin that allows an attacker to trick a victim into making a request to a specified URL without their knowledge. This could potentially lead to unauthorized actions being performed on behalf of the victim, compromising the security of the Jenkins environment.

Affected Version(s)

Jenkins Beaker builder Plugin <= 1.10

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2022
Vulnerability Reserved
Jun 21, 2022