Cross-Site Request Forgery Vulnerability in Jenkins Request Rename Or Delete Plugin
CVE-2022-34815
4.3MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 30 June 2022
Summary
A cross-site request forgery (CSRF) vulnerability in the Jenkins Request Rename Or Delete Plugin enables attackers to manipulate pending requests. This flaw allows unauthorized users to rename or delete existing jobs without proper validation. By exploiting this vulnerability, an attacker could potentially disrupt essential workflows, posing a risk to the integrity of Jenkins-managed operations. For more information, refer to the Jenkins security advisory.
Affected Version(s)
Jenkins Request Rename Or Delete Plugin <= 1.1.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved