CVE-2022-25212

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25212

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25212.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25212

Aliases

GHSA-2pj6-5hqc-w5x9

Published

2022-02-15T17:15:11Z

Modified

2024-09-03T04:12:14.370289Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1988

Affected packages

Git / github.com/jenkinsci/swamp-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/swamp-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

36c9d1ba0e66bc268a4207cd340fd196ad498fca

Affected versions

releases/0.*

releases/0.6.1

releases/0.7.10

releases/0.7.11

releases/0.7.2

releases/0.7.3

releases/0.7.4

releases/0.7.5

releases/0.7.7

releases/0.7.8

releases/0.7.9

releases/1.*

releases/1.0.0

releases/1.0.1

swamp-1.*

swamp-1.0.2

swamp-1.0.3

swamp-1.0.4

swamp-1.0.5

swamp-1.0.6

swamp-1.1.0

swamp-1.1.1

swamp-1.1.2

swamp-1.2.0

swamp-1.2.1

swamp-1.2.2

swamp-1.2.3

swamp-1.2.4

swamp-1.2.5

swamp-1.2.6