Lucene search
China National Vulnerability DatabaseCNVD-2022-05040HistoryJan 16, 2022 - 12:00 a.m.
Jenkins Publish Over SSH Plugin Cross-Site Request Forgery Vulnerability
2022-01-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
0.002 Low
EPSS
Percentile
53.1%
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Publish Over SSH Plugin in version 1.22 and earlier contains a cross-site request forgery vulnerability that stems from a WEB application that does not adequately verify that the request is from a trusted user. An attacker uses attacker-specified credentials to connect to an attacker-specified SSH server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins publish over ssh plugin | le | 1.22 |
Related
cvelist
cvelist
CVE-2022-23111
2022-01-12 19:06:13
github
github
cve
cve
CVE-2022-23111
2022-01-12 20:15:09
osv
osv
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
2022-01-13 00:00:53
CVE-2022-23111
2022-01-12 20:15:09
prion
prion
Cross site request forgery (csrf)
2022-01-12 20:15:00
nvd
nvd
CVE-2022-23111
2022-01-12 20:15:09
nessus
nessus
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
2022-02-15 00:00:00
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00