Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051