Lucene search
JenkinsCVELIST:CVE-2022-25207HistoryFeb 15, 2022 - 4:11 p.m.
CVE-2022-25207
2022-02-1516:11:43
jenkins
www.cve.org
3
cve-2022-25207
cross-site request forgery
jenkins
chef sinatra plugin
http request
xml response
EPSS
0.001
Percentile
34.3%
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
CNA Affected
[
{
"product": "Jenkins Chef Sinatra Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-25207
2022-02-15 17:15:11
osv
osv
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
2022-02-16 00:01:15
CVE-2022-25207
2022-02-15 17:15:11
nvd
nvd
CVE-2022-25207
2022-02-15 17:15:11
prion
prion
Cross site request forgery (csrf)
2022-02-15 17:15:00
cnvd
cnvd
Jenkins Chef Sinatra Plugin Cross-Site Request Forgery Vulnerability
2022-02-17 00:00:00
github
github
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
2022-02-16 00:01:15
