Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2139