[MAVEN:GHSA-QWGX-MRV5-87J8] CSRF vulnerability in Jenkins Script Security Plugin

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/script-security	<= 1158.v7c1b

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/script-security	= 1172.v35f6a

ID

MAVEN:GHSA-QWGX-MRV5-87J8

Severity

moderate

URL

https://github.com/advisories/GHSA-qwgx-mrv5-87j8

Published

2022-05-18T00:00:39
(2 years ago)

Modified

2023-01-28T05:02:16
(19 months ago)

Rights

Maven Security Team

Other Advisories

JENKINS:SECURITY-2116

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-30946
			https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116
			http://www.openwall.com/lists/oss-security/2022/05/17/8
			https://github.com/jenkinsci/script-security-plugin/commit/35f6a0b8207ed3a32a85f27c1312da6cd738eeaa
			https://github.com/advisories/GHSA-qwgx-mrv5-87j8

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.jenkins-ci.plugins/script-security	org.jenkins-ci.plugins	script-security	<= 1158.v7c1b
Fixed	pkg:maven/org.jenkins-ci.plugins/script-security	org.jenkins-ci.plugins	script-security	= 1172.v35f6a

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date