CVE-2022-25208

Summary

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Chef Sinatra Pluginunspecified <= 1.20affected
Jenkins projectJenkins Chef Sinatra Pluginnext of 1.20 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References