CVE-2022-25194: 
Java vulnerability analysis and mitigation

A cross-site request forgery (CSRF) vulnerability was discovered in Jenkins autonomiq Plugin versions 1.15 and earlier, identified as CVE-2022-25194. The vulnerability was disclosed on February 15, 2022. This security issue affects the autonomiq Plugin, a Jenkins plugin component (Jenkins Advisory).

The vulnerability stems from an HTTP endpoint that does not perform proper permission checks and does not require POST requests. The vulnerability has a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue is tracked under the CWE-352 category for Cross-Site Request Forgery (CSRF) vulnerabilities (NVD).

The vulnerability allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password credentials. This could potentially lead to unauthorized access and credential exposure (Jenkins Advisory).

The issue has been fixed in autonomiq Plugin version 1.16, which requires POST requests and Overall/Administer permission for the affected HTTP endpoint. Users are advised to upgrade to this version to address the vulnerability (Jenkins Advisory).