CVE-2022-34212

Summary

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins vRealize Orchestrator Pluginunspecified <= 3.0affected
Jenkins projectJenkins vRealize Orchestrator Pluginnext of 3.0 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References