High severityNVD Advisory· Published May 17, 2022· Updated Aug 3, 2024
CVE-2022-30969
CVE-2022-30969
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:autocomplete-parameterMaven | <= 1.1 | — |
Affected products
2- Jenkins project/Jenkins Autocomplete Parameter Pluginv5Range: unspecified
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-7c3v-2jjv-hq3cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-30969ghsaADVISORY
- www.jenkins.io/security/advisory/2022-05-17/ghsax_refsource_CONFIRMWEB
News mentions
1- Jenkins Security Advisory 2022-05-17Jenkins Security Advisories · May 17, 2022