Lucene search
China National Vulnerability DatabaseCNVD-2022-55658HistoryJun 24, 2022 - 12:00 a.m.
Jenkins vRealize Orchestrator Plugin跨站请求伪造漏洞
2022-06-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.001 Low
EPSS
Percentile
21.6%
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins vRealize Orchestrator Plugin 3.0 and earlier versions have a cross-site request forgery vulnerability that stems from the plugin’s failure to perform permission checks in the HTTP endpoint. An attacker could use this vulnerability to send HTTP POST requests to enable cross-site request forgery attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins vrealize orchestrator plugin | lt | 3.0 |
Related
github
github
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
2022-06-24 00:00:32
cve
cve
CVE-2022-34211
2022-06-23 17:15:17
osv
osv
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
2022-06-24 00:00:32
prion
prion
Cross site request forgery (csrf)
2022-06-23 17:15:00
nvd
nvd
CVE-2022-34211
2022-06-23 17:15:17
alpinelinux
alpinelinux
CVE-2022-34211
2022-06-23 17:15:17
cvelist
cvelist
CVE-2022-34211
2022-06-22 14:41:55
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.14 / 2.332.4.1 / 2.346.1.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-06-22)
2022-07-05 00:00:00
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
2022-07-15 00:00:00