GHSA-5mv2-vqq7-mq5h

GitHub Security Advisory

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

✓ GitHub Reviewed MODERATE Has CVE

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation.

These form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Maven org.jenkins-ci.plugins:openshift-deployer

Affected versions: 0 (last affected: 1.2.0)

CVE-2022-36908

GHSA ID

GHSA-5mv2-vqq7-mq5h

Published

July 28, 2022 12:00 AM

Last Modified

December 12, 2022 11:10 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:openshift-deployer

GitHub Reviewed

✓ Yes

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.