Home

CVE-2022-25208

Description

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.124

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-25209,CVE-2022-25207,CVE-2022-25208,CVE-2019-1003086,CVE-2019-1003087 are affected in Jenkins - sinatra-chef-builder 1.20Windows
Vulnerabilities CVE-2022-25209,CVE-2022-25207,CVE-2022-25208,CVE-2019-1003086,CVE-2019-1003087 are affected in Jenkins - sinatra-chef-builder for Linux 1.20Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234