Arbitrary Code Execution Vulnerability in Jenkins Autocomplete Parameter Plugin

Arbitrary Code Execution Vulnerability in Jenkins Autocomplete Parameter Plugin

CVE-2022-30969 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.

Learn more about our Web Application Penetration Testing UK.