Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report, which is stored in a per-session cache and displayed to authorized users at the .../report URL, with a report based on attacker-specified report generation options.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051
Related Vulnerabilities
CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2021-21175 Vulnerability in npm package electron
CVE-2016-0709 Vulnerability in maven package org.apache.portals.jetspeed-2:j2-admin
CVE-2012-4386 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2018-1000174 Vulnerability in maven package org.jenkins-ci.plugins:google-login