CVE-2022-36882

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Git Pluginunspecified <= 4.11.3affected
Jenkins projectJenkins Git Plugin4.9.3unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References