Cross-Site Request Forgery Vulnerability in Jenkins XebiaLabs XL Release Plugin
CVE-2022-34780
6.5 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 30 June 2022
What is CVE-2022-34780?
A cross-site request forgery (CSRF) vulnerability exists in Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier. This flaw allows malicious actors to make unauthorized requests to an attacker-specified HTTP server using credentials obtained through other means. If exploited, the vulnerability can result in the exposure of sensitive credentials stored in Jenkins, leading to potentially severe repercussions for systems relying on this plugin.
Affected Version(s)
Jenkins XebiaLabs XL Release Plugin <= 22.0.0