Lucene search

GoogleOSV:GHSA-3Q7F-W8FR-368V

HistoryJul 01, 2022 - 12:01 a.m.

Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

2022-07-0100:01:08

Google

osv.dev

jenkins

cross-site request forgery

xpath configuration viewer plugin

xpath expressions

csrf vulnerability

attackers

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.8%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.

References

github.com/jenkinsci/xpath-config-viewer-plugin

nvd.nist.gov/vuln/detail/CVE-2022-34812

www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2658

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.8%

JSON

Related for OSV:GHSA-3Q7F-W8FR-368V