Skip to main content

Blue Ocean CVE-2022-30953

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2022-05-17 jenkinsci-cert@googlegroups.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 17, 2022 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

AnalysisAI

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Affected products include: Jenkins Blue Ocean.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-40341 HIGH
8.8 Aug 16

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to co

CVE-2017-1000106 HIGH
8.5 Oct 05

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for reposito

CVE-2022-30954 MEDIUM
6.5 May 17

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing att

CVE-2022-30952 MEDIUM
6.5 May 17

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to acce

CVE-2020-2254 MEDIUM
6.5 Sep 16

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacke

CVE-2019-1003012 MEDIUM
6.5 Feb 06

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bu

CVE-2019-1003013 MEDIUM
5.4 Feb 06

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/m

CVE-2017-1000105 MEDIUM
5.3 Oct 05

The optional Run/Artifacts permission can be enabled by setting a Java system property. Rated medium severity (CVSS 5.3)

CVE-2017-1000110 MEDIUM
4.3 Oct 05

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for reposito

CVE-2020-2255 MEDIUM
4.3 Sep 16

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission

Share

CVE-2022-30953 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy