Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2139