Lucene search

GoogleOSV:GHSA-22C3-WHJV-HRFM

HistoryAug 16, 2023 - 3:30 p.m.

Jenkins Folders Plugin cross-site request forgery vulnerability

2023-08-1615:30:17

Google

osv.dev

jenkins

folders plugin

csrf

vulnerability

http

endpoint

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.5%

JSON

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to copy a view inside a folder.

Folders Plugin 6.848.ve3b_fd7839a_81 requires POST requests for the affected HTTP endpoint.

References

www.openwall.com/lists/oss-security/2023/08/16/3

nvd.nist.gov/vuln/detail/CVE-2023-40337

www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.5%

JSON

Related for OSV:GHSA-22C3-WHJV-HRFM