6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-34789

GHSA ID

GHSA-4v5c-5v6c-37pj

EPSS Score

0.2542%

CWE

CWE-352

Published

7/1/2022

Updated

2/2/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-34789

CVE-2022-34789: Jenkins Matrix Reloaded Plugin vulnerable to CSRF

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to rebuild previous matrix builds.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-34789

CVE-2022-34789:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-34789

GHSA ID

GHSA-4v5c-5v6c-37pj

EPSS Score

0.2542%

CWE

CWE-352

Published

7/1/2022

Updated

2/2/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
net.praqma:matrix-reloaded	maven	<= 1.1.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from an HTTP endpoint accepting rebuild requests without POST method enforcement. In Jenkins plugin architecture, such endpoints typically correspond to 'do*' methods in Action classes. The advisory explicitly states the lack of POST requirement, which maps to missing @RequirePOST annotation and CSRF protection in the rebuild handler. While exact code isn't available, this pattern matches Jenkins' vulnerability patterns for CSRF (CWE-352) and the plugin's described functionality.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-34789: Jenkins Matrix Reloaded Plugin vulnerable to CSRF

CVE-2022-34789:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-34789: Jenkins Matrix Reloaded Plugin vulnerable to CSRF

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.5

6.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI