First published: Wed Jun 22 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins vRealize Orchestrator | <=3.0 | |
The vulnerability ID for this issue is CVE-2022-34211.
The severity of CVE-2022-34211 is medium with a CVSS score of 6.5.
Jenkins vRealize Orchestrator Plugin versions up to and including 3.0 are affected by CVE-2022-34211.
CVE-2022-34211 is a cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier, which allows attackers to send an HTTP POST request to an attacker-specified URL.
To fix CVE-2022-34211, update the Jenkins vRealize Orchestrator Plugin to a version higher than 3.0.