CVE-2022-34797
Description
CSRF vulnerability in Jenkins Deployment Dashboard Plugin allows attackers to connect to attacker-specified HTTP URLs using attacker-specified credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in Jenkins Deployment Dashboard Plugin allows attackers to connect to attacker-specified HTTP URLs using attacker-specified credentials.
Vulnerability
Overview
A cross-site request forgery (CSRF) vulnerability exists in Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier. The plugin fails to validate or require a CSRF token for a specific form submission, allowing an attacker to trick a Jenkins user into performing unintended actions [1][2].
Exploitation
An attacker can craft a malicious web page or email that, when visited by an authenticated Jenkins user with appropriate permissions, triggers a forged request to the Jenkins server. This request causes the plugin to connect to an attacker-specified HTTP URL using attacker-supplied credentials. No additional authentication is required from the attacker beyond luring the victim [1].
Impact
Successful exploitation enables the attacker to make the Jenkins server initiate outbound HTTP connections to arbitrary URLs, potentially exfiltrating sensitive data, interacting with internal services, or performing actions on external systems using attacker-controlled credentials. The impact depends on the network position of the Jenkins server and the credentials provided [2].
Mitigation
The vulnerability is fixed in a subsequent release of the Deployment Dashboard Plugin. Users should upgrade to the latest version as recommended in the Jenkins security advisory. No workarounds are documented [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2-deployment-dashboardMaven | <= 1.0.10 | — |
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4- github.com/advisories/GHSA-x4g7-5xrm-5wmqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34797ghsaADVISORY
- www.jenkins.io/security/advisory/2022-06-30/mitrex_refsource_CONFIRM
- www.jenkins.io/security/advisory/2022-06-30/ghsaWEB
News mentions
0No linked articles in our index yet.