Cross-Site Request Forgery Vulnerability in Jenkins CONS3RT Plugin
CVE-2022-41253

8.8 HIGH

Key Information:

Vendor: Jenkins
CVE Published: 21 September 2022

Summary

A cross-site request forgery (CSRF) vulnerability has been identified in the Jenkins CONS3RT Plugin. It allows attackers to connect to a specified HTTP server using credentials that may be exploited through various means, enabling unauthorized access to credentials stored in Jenkins. The issue affects versions 1.0.0 and earlier of the CONS3RT Plugin and poses a significant risk to the integrity and confidentiality of user data.

Affected Version(s)

Jenkins CONS3RT Plugin <= 1.0.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
