A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.

Affected Packages

Maven org.jenkins-ci.plugins:proxmox

Affected versions: 0 (fixed in 0.7.1)

Related CVEs

CVE-2022-28143

Key Information

GHSA ID

GHSA-wjvr-2hjg-6rhj

Published

March 30, 2022 12:00 AM

Last Modified

January 30, 2024 9:07 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:proxmox

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.