CVE-2022-30969

HIGH8.8EPSS 0.11%

Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin

Published: 5/18/2022Modified: 11/8/2023

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.

Affected packages (1)

Maven/org.jenkins-ci.plugins:autocomplete-parameterfrom 0, <= 1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-30969
PATCHhttps://github.com/jenkinsci/autocomplete-parameter-plugin
WEBhttps://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2322