CSRF vulnerability in Proxmox Plugin
Moderate severity • GitHub Reviewed • Published Mar 30, 2022 to the GitHub Advisory Database • Updated Jan 30, 2024
Published by the National Vulnerability Database: Mar 29, 2022
Published to the GitHub Advisory Database: Mar 30, 2022
Reviewed: Jan 30, 2024
Last updated: Jan 30, 2024
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.
References