GHSA-35R9-GFQF-R6CW Missing permission check in Jenkins vRealize Orchestrator Plugin

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

Jenkins vRealize Orchestrator Plugin授权问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins vRealize Orchestrator Plugin 3.0...

CVE-2022-34211

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34211

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

Design/Logic Flaw

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34212

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34212

CVE-2022-34212 : Jenkins vRealize Orchestrator Plugin 3.0 and earlier has a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send a POST request to an attacker-specified URL. The issue is part of a broader set of Jenkins plugin vulnerabilities repor...

CVE-2022-34211

CVE-2022-34211 describes a CSRF in the Jenkins vRealize Orchestrator Plugin (versions 3.0 and earlier) where an attacker can induce the plugin’s HTTP endpoint to perform a POST to a URL of the attacker’s choosing. The root cause is a lack of permission checks on the vulnerable HTTP endpoint, enab...

CVE-2022-34211

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

CVE-2022-34211

A cross-site request forgery CSRF vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

PT-2022-22082 · Vmware +1 · Jenkins Vrealize Orchestrator Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins vRealize Orchestrator Plugin versions 3.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to send an HTTP POST request to an attacker-specified URL. This issue enables attackers to perform...