Lucene search
JenkinsCVE-2022-36906HistoryJul 27, 2022 - 3:15 p.m.
CVE-2022-36906
2022-07-2715:15:10
CWE-352
jenkins
web.nvd.nist.gov
62
5
cve
2022
36906
csrf
vulnerability
jenkins
openshift
deployer
plugin
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
35.1%
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
Affected configurations
Node
jenkinsopenshift_deployerRange≤1.2.0jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | openshift_deployer | * | cpe:2.3:a:jenkins:openshift_deployer:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"product": "Jenkins OpenShift Deployer Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.2.0",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
CVE-2022-36906
2022-07-27 15:15:10
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
2022-07-28 00:00:42
nvd
nvd
CVE-2022-36906
2022-07-27 15:15:10
prion
prion
Cross site request forgery (csrf)
2022-07-27 15:15:00
github
github
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
2022-07-28 00:00:42
cvelist
cvelist
CVE-2022-36906
2022-07-27 14:26:07
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
35.1%
Related for CVE-2022-36906