GHSA-phr4-94xx-259m

Опубликовано: 22 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8

Описание

Jenkins build-publisher plugin vulnerable to cross-site request forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. There is currently no workaround or patch as this plugin has been suspended.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:build-publisher

maven

Затронутые версииВерсия исправления

<= 1.22

Отсутствует

EPSS

Процентиль: 27%

0.00098

Низкий

8 High

CVSS3

CVE ID

CVE-2022-41232

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-41232

CVSS3: 8

nvd

больше 3 лет назад

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.

EPSS

Процентиль: 27%

0.00098

Низкий

8 High

CVSS3

CVE ID

CVE-2022-41232

Дефекты

CWE-352