CVE-2022-45393 is a cross-site request forgery (CSRF) vulnerability identified in the Jenkins Delete log Plugin version 1.0 and earlier. Jenkins is a widely used open-source automation server that facilitates continuous integration and continuous delivery (CI/CD) pipelines. The Delete log Plugin allows users to delete build logs from Jenkins projects. The vulnerability arises because the plugin does not adequately verify the authenticity of requests to delete build logs, allowing an attacker to craft a malicious web request that, when executed by an authenticated Jenkins user, can delete build logs without the user's explicit consent. This CSRF vulnerability requires that the attacker lure an authenticated Jenkins user to visit a specially crafted URL or web page, which then triggers the deletion of build logs. The CVSS 3.1 base score is 3.5, reflecting a low severity level. The vector indicates that the attack can be performed remotely over the network (AV:N), requires low attack complexity (AC:L), requires privileges (PR:L) meaning the victim must be an authenticated user with some level of permission, and requires user interaction (UI:R). The impact is limited to integrity (I:L) as the attacker can delete build logs, but there is no impact on confidentiality or availability. No known exploits are reported in the wild, and no patches are linked in the provided information, suggesting that mitigation may require manual updates or configuration changes. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery).

For European organizations using Jenkins with the Delete log Plugin, this vulnerability could lead to unauthorized deletion of build logs, which are critical for auditing, troubleshooting, and compliance purposes. Loss of build logs can hinder incident investigations, obscure the history of build and deployment activities, and potentially delay response to other security incidents. Although the vulnerability does not allow direct code execution or data exfiltration, the integrity compromise of build logs can indirectly affect operational security and compliance with regulatory frameworks such as GDPR or industry-specific standards. Organizations with strict audit requirements or those in regulated sectors (finance, healthcare, critical infrastructure) may find this particularly impactful. Since exploitation requires an authenticated user to be tricked into visiting a malicious link, the risk is higher in environments where users have elevated privileges and where phishing or social engineering attacks are prevalent.

1. Upgrade or patch the Jenkins Delete log Plugin to a version that addresses this CSRF vulnerability as soon as an official fix is available. 2. Implement strict CSRF protection mechanisms in Jenkins, including enabling built-in CSRF protection features and verifying that all plugins comply with these protections. 3. Restrict plugin usage and permissions to only trusted users and roles with minimal necessary privileges to reduce the risk of misuse. 4. Educate Jenkins users about phishing and social engineering risks, emphasizing caution when clicking on links, especially those received via email or untrusted sources. 5. Monitor Jenkins logs and audit trails for unusual deletion activities or access patterns that could indicate exploitation attempts. 6. Consider network-level protections such as web application firewalls (WAFs) that can detect and block suspicious CSRF attempts targeting Jenkins interfaces. 7. Regularly review and harden Jenkins security configurations, including session timeouts, user access controls, and plugin inventories to minimize attack surface.