CVE-2022-25207

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Chef Sinatra Pluginunspecified <= 1.20affected
Jenkins projectJenkins Chef Sinatra Pluginnext of 1.20 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References