History: Sep 21, 2022 - 4:15 p.m.

CVE-2022-41236

2022-09-21 16:15:10
CWE-352
jenkins
web.nvd.nist.gov
Tags: cve-2022-41236, cross-site request forgery, csrf, jenkins security inspector plugin, vulnerability, security, nvd

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.5
Confidence: High

EPSS: 0.001
Percentile: 32.3%

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the …/report URL with a report based on attacker-specified report generation options.

Affected configurations

Nvd

Node: jenkins security_inspector, Range 117.v6eecc36919c2, jenkins

Vendor | Product | Version | CPE
jenkins | security_inspector | * | cpe:2.3:a:jenkins:security_inspector:*:*:*:*:*:jenkins:*:*

CNA Affected

[
  {
    "product": "Jenkins Security Inspector Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "117.v6eecc36919c2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 117.v6eecc36919c2",
        "versionType": "custom"
      }
    ]
  }
]
