CVE-2022-41236

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the …/report URL with a report based on attacker-specified report generation options.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Security Inspector Pluginunspecified <= 117.v6eecc36919c2affected
Jenkins projectJenkins Security Inspector Pluginnext of 117.v6eecc36919c2 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References