4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-27205

GHSA ID

GHSA-x95c-qrqr-2v27

EPSS Score

0.7476%

CWE

CWE-276

Published

3/16/2022

Updated

2/2/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-27205

CVE-2022-27205:
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF

Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-27205

GHSA ID

GHSA-x95c-qrqr-2v27

EPSS Score

0.7476%

CWE

CWE-276

Published

3/16/2022

Updated

2/2/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:extended-choice-parameter	maven	<= 346.vd87693c5a

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The advisory explicitly states form validation methods lack both permission checks and CSRF protections. In Jenkins plugin architecture, form validation handlers are typically methods named 'doCheck[FieldName]' in parameter definition classes. These methods would normally require POST requests (@RequirePOST annotation) and permission checks (Jenkins.get().checkPermission()). The absence of these protections in URL/property file validation handlers directly enables the described SSRF and CSRF vulnerabilities.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*xt*n*** **oi** P*r*m*t*r Plu*in ***.v*********_*** *n* **rli*r *o*s not p*r*orm * p*rmission ****k on *orm v*li**tion m*t*o*s. T*is *llows *tt**k*rs wit* Ov*r*ll/R*** p*rmission to *onn**t to *n *tt**k*r-sp**i*i** URL. ***ition*lly, t**s* *orm v*li

Reasoning

T** **visory *xpli*itly st*t*s *orm v*li**tion m*t*o*s l**k *ot* p*rmission ****ks *n* *SR* prot**tions. In J*nkins plu*in *r**it**tur*, *orm v*li**tion **n*l*rs *r* typi**lly m*t*o*s n*m** '*o****k[*i*l*N*m*]' in p*r*m*t*r ***inition *l*ss*s. T**s*

4.3

Basic Information

Concerned about an active attack path?

CVE-2022-27205: CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-27205:
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF

Vulnerability Intelligence
Miggo AI