Cross-Site Request Forgery Vulnerability in Jenkins XPath Configuration Viewer Plugin
CVE-2022-34812
4.3MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 30 June 2022
Summary
A cross-site request forgery (CSRF) vulnerability exists in Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. This flaw allows unauthorized attackers to create and delete XPath expressions on behalf of authenticated users, potentially impacting user data and system integrity. As a result, it is crucial for users to assess their installations and apply necessary security measures to mitigate potential exploitation. More details are provided in the Jenkins security advisory.
Affected Version(s)
Jenkins XPath Configuration Viewer Plugin <= 1.1.1
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved