Cross-Site Request Forgery Vulnerability in Jenkins Katalon Plugin
CVE-2022-43418
4.3 MEDIUM
Summary
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Katalon Plugin, versions 1.0.33 and earlier. An attacker who can get a logged-in Jenkins user to submit a crafted request can make the Jenkins server connect to an attacker-specified URL, and by supplying an attacker-specified credentials ID (obtained through phishing or other means) can have the plugin send the corresponding credentials stored in Jenkins to that URL, exposing them. Users of this plugin should update to a fixed version to prevent this credential disclosure.
Affected Version(s)
Jenkins Katalon Plugin <= 1.0.33
CVSS v3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged