logo

Database

Cross-site request forgery In org.jenkins-ci.plugins:script-security

Description

CSRF vulnerability in Jenkins Script Security Plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-309462. NVD-2022-309463. OSV-2022-309464. GCVE-2022-30946

References

1. https://github.com/jenkinsci/script-security-plugin/commit/35f6a0b8207ed3a32a85f27c1312da6cd738eeaa2. https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-21163. http://www.openwall.com/lists/oss-security/2022/05/17/8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.