OSV:GHSA-5MV2-VQQ7-MQ5H (Google OSV)
History: Jul 28, 2022 - 12:00 a.m.

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

2022-07-28 00:00:42
Google (osv.dev)
Tags: jenkins, openshift, deployer, plugin, csrf, vulnerability, form validation, permission checks, methods, cross-site request forgery

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 35.1%

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation.

These form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
