Lucene search

[email protected]NVD:CVE-2022-36906

HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36906

2022-07-2715:15:10

CWE-352

[email protected]

web.nvd.nist.gov

csrf

jenkins

openshift deployer plugin

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

35.1%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

Affected configurations

Nvd

Node

jenkinsopenshift_deployerRange≤1.2.0jenkins

VendorProductVersionCPE
jenkinsopenshift_deployer*cpe:2.3:a:jenkins:openshift_deployer:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	openshift_deployer	*	cpe:2.3:a:jenkins:openshift_deployer::::::jenkins::*

References

www.openwall.com/lists/oss-security/2022/07/27/1

www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

35.1%

JSON

Related for NVD:CVE-2022-36906

osv2 cve1 prion1 github1 cvelist1 nessus1