CVE-2023-4301

2023-08-2123:15:09

CWE-352

[email protected]

web.nvd.nist.gov

231

cve-2023-4301

csrf

jenkins

fortify plugin

security vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

NVD

Node

jenkinsfortifyRange<22.2.39jenkins

CPENameOperatorVersion
jenkins:fortifyjenkins fortifylt22.2.39

CPE	Name	Operator	Version
jenkins:fortify	jenkins fortify	lt	22.2.39

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Fortify Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "22.1.38",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]