CVE-2022-25192

8.8 HIGH

📋 TL;DR

The Jenkins Snow Commander Plugin contains a CSRF vulnerability that allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-controlled servers using stolen credential IDs. This enables credential theft from Jenkins credential stores. Organizations using Jenkins with the Snow Commander Plugin are affected.

💻 Affected Systems

Products:
  • Jenkins Snow Commander Plugin
Versions: 1.10 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Jenkins with Snow Commander Plugin installed and configured with credentials.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal all credentials stored in Jenkins, potentially gaining access to production systems, databases, and other sensitive infrastructure.

🟠 Likely Case

Attackers capture specific credentials used by the Snow Commander Plugin, potentially compromising cloud resources or external systems.

🟢 If Mitigated

With proper CSRF protections and credential isolation, impact is limited to the specific plugin's functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated Jenkins user to visit a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11 or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2536

Restart Required: Yes

Instructions:

1. Update Jenkins Snow Commander Plugin to version 1.11 or later via Jenkins Plugin Manager.
2. Restart Jenkins after the plugin update.

🔧 Temporary Workarounds

Disable Snow Commander Plugin

all

Temporarily disable the vulnerable plugin until patching is possible

Navigate to Jenkins > Manage Jenkins > Manage Plugins > Installed tab > Find Snow Commander Plugin > Disable

Implement CSRF Protection

all

Ensure Jenkins global CSRF protection is enabled

Navigate to Jenkins > Manage Jenkins > Configure Global Security > Check 'Prevent Cross Site Request Forgery exploits'

🧯 If You Can't Patch

  • Isolate Jenkins instance from internet access
  • Implement strict network segmentation and monitor for credential usage anomalies

🔍 How to Verify

Check if Vulnerable:

Check plugin version in Jenkins > Manage Jenkins > Manage Plugins > Installed tab > Snow Commander Plugin

Check Version:

Check Jenkins web interface or plugin manifest file

Verify Fix Applied:

Verify Snow Commander Plugin version is 1.11 or higher in Jenkins Plugin Manager
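The version check above can be scripted against the Jenkins plugin manager JSON API instead of clicking through the UI. The following Python script is an added example and is not part of this advisory or of the plugin project; it assumes the plugin's short name is "snow-commander" and that the instance exposes /pluginManager/api/json to the supplied user and API token. The embedded sample response is constructed so the check can be exercised offline.

```python
"""Check whether the installed Jenkins Snow Commander Plugin is below the
fixed version (1.11) by reading the Jenkins plugin manager JSON API.

Assumptions not taken from the advisory: the plugin short name is
"snow-commander" and /pluginManager/api/json?depth=1 is reachable with
an API token. Both are labelled as assumptions below.
"""
import base64
import json
import sys
import urllib.request
from typing import Optional, Tuple

FIXED_VERSION = "1.11"            # from the advisory: 1.11 or later is fixed
PLUGIN_SHORT_NAME = "snow-commander"  # ASSUMPTION: plugin ID used by the Jenkins API

# Constructed sample of the plugin manager API response (not real data).
SAMPLE_PLUGINS_JSON = {
    "plugins": [
        {"shortName": "credentials", "version": "2.6.1", "enabled": True, "active": True},
        {"shortName": "snow-commander", "version": "1.10", "enabled": True, "active": True},
    ]
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "1.10" or "1.11-beta" into a comparable tuple of integers.

    Each dotted component keeps only its leading digits, so "1.10" < "1.11"
    compares numerically rather than as strings ("1.9" < "1.10" holds too).
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def find_plugin(plugins_json: dict, short_name: str = PLUGIN_SHORT_NAME) -> Optional[dict]:
    """Return the plugin entry with the given shortName, or None if not installed."""
    for plugin in plugins_json.get("plugins", []):
        if plugin.get("shortName") == short_name:
            return plugin
    return None


def assess(plugins_json: dict) -> dict:
    """Summarise exposure: installed?, version, below fixed version?, still enabled?

    "exposed" is True only when a vulnerable version is both installed and
    enabled, matching the advisory's workaround of disabling the plugin.
    """
    plugin = find_plugin(plugins_json)
    if plugin is None:
        return {"installed": False, "version": None, "vulnerable_version": False,
                "enabled": False, "exposed": False}
    version = str(plugin.get("version", "0"))
    vulnerable_version = parse_version(version) < parse_version(FIXED_VERSION)
    enabled = bool(plugin.get("enabled", True)) and bool(plugin.get("active", True))
    return {"installed": True, "version": version, "vulnerable_version": vulnerable_version,
            "enabled": enabled, "exposed": vulnerable_version and enabled}


def fetch_plugins(base_url: str, user: str, api_token: str) -> dict:
    """Fetch the plugin list from a live Jenkins instance using HTTP basic auth."""
    url = base_url.rstrip("/") + "/pluginManager/api/json?depth=1"
    token = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Usage: python check_snow_commander.py https://jenkins.example USER API_TOKEN
    # With no arguments the constructed sample response is assessed instead.
    data = fetch_plugins(*sys.argv[1:4]) if len(sys.argv) >= 4 else SAMPLE_PLUGINS_JSON
    print(json.dumps(assess(data), indent=2))
```

A result with "exposed": true means a pre-1.11 build is installed and enabled, so either the update or the disable workaround above still needs to be applied; "vulnerable_version": true with "enabled": false means the temporary workaround is in place but the update is still outstanding.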

📡 Detection & Monitoring

Log Indicators:

  • Unexpected connections to external servers from Snow Commander Plugin
  • Credential access patterns from unusual IPs

Network Indicators:

  • Outbound connections from Jenkins to unknown servers on ports used by Snow Commander

SIEM Query:

source="jenkins.log" AND ("Snow Commander" OR "snow-commander") AND (connection OR credential)

🔗 References