Lucene search
GoogleOSV:GHSA-8528-C6M6-GPPMHistoryJul 28, 2022 - 12:00 a.m.
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
2022-07-2800:00:42
Google
osv.dev
13
jenkins
openshift
deployer
plugin
csrf
vulnerability
permission check
form validation
post requests
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
35.1%
OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation.
This form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Related
osv
osv
CVE-2022-36906
2022-07-27 15:15:10
cve
cve
CVE-2022-36906
2022-07-27 15:15:10
prion
prion
Cross site request forgery (csrf)
2022-07-27 15:15:00
nvd
nvd
CVE-2022-36906
2022-07-27 15:15:10
github
github
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
2022-07-28 00:00:42
cvelist
cvelist
CVE-2022-36906
2022-07-27 14:26:07
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
35.1%
Related for OSV:GHSA-8528-C6M6-GPPM