First published: Thu Jun 30 2022
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Recipe | <=1.2 | |
CVE-2022-34794 is a vulnerability in the Jenkins Recipe Plugin version 1.2 and earlier that allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2022-34794 has a severity rating of 6.5 out of 10, which is considered medium severity.
Jenkins Recipe Plugin version 1.2 and earlier is affected by CVE-2022-34794.
To fix CVE-2022-34794, update Jenkins Recipe Plugin to a version later than 1.2.
You can find more information about CVE-2022-34794 in the official Jenkins security advisory: [link](https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000)