CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
Configurations

Configuration 1

cpe:2.3:a:jenkins:chef_sinatra:*:*:*:*:*:jenkins:*:*

Information

Published : 2022-02-15 05:15

Updated : 2022-02-23 08:15


NVD link : CVE-2022-25208

Mitre link : CVE-2022-25208

Products Affected
No products.
CWE