GHSA-8528-c6m6-gppm

GitHub Security Advisory

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

✓ GitHub Reviewed MODERATE Has CVE

OpenShift Deployer Plugin 1.2.0 and earlier does not perform a permission check in a method implementing form validation.

This form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Maven org.jenkins-ci.plugins:openshift-deployer

Affected versions: 0 (last affected: 1.2.0)

CVE-2022-36906

GHSA ID

GHSA-8528-c6m6-gppm

Published

July 28, 2022 12:00 AM

Last Modified

December 12, 2022 10:51 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:openshift-deployer

GitHub Reviewed

✓ Yes

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.