{"id":"CVE-2022-28136","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.","aliases":["GHSA-vqcx-jw4r-6fp3"],"modified":"2026-04-12T05:59:58.498532Z","published":"2022-03-29T13:15:08.187Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/03/29/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2236"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jiratestresultreporter-plugin","events":[{"introduced":"0"},{"last_affected":"81792855394237a2f78b06f509985a894ac5c008"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"165.v817928553942"}],"cpe":"cpe:2.3:a:jenkins:jiratestresultreporter:*:*:*:*:*:jenkins:*:*"}}],"versions":["1.04","162.v6b2e861f5398","165.v817928553942","JiraTestResultReporter-1.0","JiraTestResultReporter-1.0.1","JiraTestResultReporter-1.0.2","JiraTestResultReporter-1.0.3","JiraTestResultReporter-1.0.4","JiraTestResultReporter-2.0.0","JiraTestResultReporter-2.0.1","JiraTestResultReporter-2.0.10","JiraTestResultReporter-2.0.11","JiraTestResultReporter-2.0.12","JiraTestResultReporter-2.0.13","JiraTestResultReporter-2.0.14","JiraTestResultReporter-2.0.15","JiraTestResultReporter-2.0.2","JiraTestResultReporter-2.0.3","JiraTestResultReporter-2.0.4","JiraTestResultReporter-2.0.5","JiraTestResultReporter-2.0.6","JiraTestResultReporter-2.0.8","JiraTestResultReporter-2.0.8-1","JiraTestResultReporter-2.0.9","wiki-link"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28136.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}