4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-34200

GHSA ID

GHSA-24h8-cpqm-qmf3

EPSS Score

0.2681%

CWE

CWE-352

Published

6/24/2022

Updated

1/31/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-34200

CVE-2022-34200: Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-34200

CVE-2022-34200:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-34200

GHSA ID

GHSA-24h8-cpqm-qmf3

EPSS Score

0.2681%

CWE

CWE-352

Published

6/24/2022

Updated

1/31/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.convertigo.jenkins.plugins:convertigo-mobile-platform	maven	<= 1.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions two flaws: 1) Missing permission checks in form validation methods, and 2) CSRF due to missing POST request requirements. In Jenkins plugins, form validation is typically handled by doCheck* methods in DescriptorImpl classes. The CWS URL validation would logically be a doCheckCwsUrl method. The absence of @RequirePOST annotation would leave it vulnerable to CSRF via GET requests, and missing permission checks would allow unauthorized access. This matches the pattern of Jenkins plugin CSRF vulnerabilities where form validation endpoints lack proper security controls.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-34200: Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

CVE-2022-34200:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2022-34200: Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

4.3

4.3

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI