Cross-Site Request Forgery in Jenkins Worksoft Execution Manager Plugin
CVE-2022-41245
8.8HIGH
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 21 September 2022
Summary
A cross-site request forgery (CSRF) vulnerability in the Worksoft Execution Manager Plugin for Jenkins could allow attackers to connect to a malicious URL while utilizing credentials IDs that may have been obtained through other means. This security flaw compromises stored credentials within Jenkins, posing significant risks for organizations relying on this plugin.
Affected Version(s)
Jenkins Worksoft Execution Manager Plugin <= 10.0.3.503
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved