Lucene search

GitHub Advisory DatabaseGHSA-R52H-FJM7-93J8

HistoryApr 17, 2024 - 3:30 p.m.

BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery

2024-04-1715:30:43

CWE-352

GitHub Advisory Database

github.com

blazemeter

jenkins plugin

cross-site request forgery

credential enumeration

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration.

Affected configurations

Vulners

Node

com.blazemeter.pluginsblazemeterjenkinspluginRange<4.22

VendorProductVersionCPE
com.blazemeter.pluginsblazemeterjenkinsplugin*cpe:2.3:a:com.blazemeter.plugins:blazemeterjenkinsplugin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.blazemeter.plugins	blazemeterjenkinsplugin	*	cpe:2.3:a:com.blazemeter.plugins:blazemeterjenkinsplugin::::::::

References

github.com/advisories/GHSA-r52h-fjm7-93j8

github.com/Blazemeter/blazemeter-jenkins-plugin/commit/11ec94f68136a0612ae1b37b5370053132cb2528

nvd.nist.gov/vuln/detail/CVE-2024-3825

portal.perforce.com/s/detail/a91PA000001STsvYAG

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for GHSA-R52H-FJM7-93J8