Lucene search

GitHub Advisory DatabaseGHSA-RR93-7C6X-8V4V

HistoryFeb 15, 2023 - 3:30 p.m.

Cross-Site Request Forgery in Jenkins Azure Credentials Plugin

2023-02-1515:30:40

CWE-352

GitHub Advisory Database

github.com

cross-site request forgery

jenkins

azure

credentials plugin

vulnerability

unauthorized access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.6%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.

Affected configurations

Vulners

Node

org.jenkins-ci.plugins\Matchazure-keyvault

CPENameOperatorVersion
org.jenkins-ci.plugins:azure-credentialsle253.v887e0f9e898b

CPE	Name	Operator	Version
	org.jenkins-ci.plugins:azure-credentials	le	253.v887e0f9e898b

References

www.openwall.com/lists/oss-security/2023/02/15/4

github.com/advisories/GHSA-rr93-7c6x-8v4v

github.com/jenkinsci/azure-credentials-plugin/commit/64da8176c83a41bb83d3ad759628c9bd275b42f5

nvd.nist.gov/vuln/detail/CVE-2023-25767

www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1756

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.6%

JSON

Related for GHSA-RR93-7C6X-8V4V