Cross-Site Request Forgery in Jenkins Recipe Plugin by Jenkins
CVE-2022-34792
8 HIGH
What is CVE-2022-34792?
A cross-site request forgery (CSRF) vulnerability exists in Jenkins Recipe Plugin 1.2 and earlier. It allows attackers to construct HTTP requests that are sent in the context of a user's session. If exploited, an attacker could direct an authenticated user to interact with an attacker-controlled URL, leading to potential unauthorized actions. The vulnerability highlights the importance of implementing proper measures to mitigate CSRF risks, especially in integrations involving plugins.
Affected Version(s)
Jenkins Recipe Plugin <= 1.2