Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2139