CVE-2022-34817 – de.einsundeins.jenkins.plugins.failedjobdeactivator:failedjobdeactivator
Package
Manager: maven
Name: de.einsundeins.jenkins.plugins.failedjobdeactivator:failedjobdeactivator
Vulnerable Version: >=0 <=1.2.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00084 (percentile 0.25307)
Details
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. This CSRF vulnerability is only exploitable in Jenkins 2.286 and earlier, LTS 2.277.1 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.277/#upgrading-to-jenkins-lts-2-277-2).
Metadata
Created: 2022-07-01T00:01:08Z
Modified: 2022-12-09T16:16:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-cp6q-836q-gmj3/GHSA-cp6q-836q-gmj3.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-cp6q-836q-gmj3
Finding: F007
Auto approve: 1