CVE-2022-34201
Description
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier lacks a permission check, allowing attackers with Overall/Read permission to connect to an attacker-specified URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Jenkins Convertigo Mobile Platform Plugin, in versions 1.1 and earlier, contains a missing permission check. This flaw originates from the plugin's failure to verify that a user has the appropriate permissions before performing a URL connection action [1][2].
Exploitation
Attackers who have been granted the Overall/Read permission in Jenkins can exploit this vulnerability. They can cause the plugin to connect to an attacker-specified URL, effectively using the Jenkins server as a proxy to reach arbitrary external resources [2]. No additional authentication is required beyond the minimal overall read access.
Impact
Successful exploitation allows an attacker to conduct server-side request forgery (SSRF) attacks. This can be used to scan internal networks, access cloud metadata endpoints, or interact with other systems that are reachable from the Jenkins server, potentially leading to information disclosure or further compromise [2].
Mitigation
The vulnerability is addressed in the Jenkins Security Advisory 2022-06-22. Users should update the Convertigo Mobile Platform Plugin to a version that includes the proper permission check. No workaround is provided [1]. The plugin's repository indicates it integrates Convertigo Mobility Platform projects into Jenkins CI [3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) | <= 1.1 | — |
Affected products
- Jenkins project/Jenkins Convertigo Mobile Platform Plugin (v5), Range: unspecified
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-7495-24mx-hph2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-34201 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2022-06-22/ (ghsa, x_refsource_CONFIRM, WEB)