Lucene search
GoogleOSV:GHSA-4C2W-WCW4-8JV9HistoryMay 24, 2022 - 4:58 p.m.
Jenkins Rundeck Plugin CSRF vulnerability
2022-05-2416:58:50
Google
osv.dev
5
jenkins
rundeck plugin
csrf
vulnerability
permission checks
connection test
form validation
csrf vulnerability
security
Jenkins Rundeck Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password.
Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability.
Related
cve
cve
CVE-2019-10454
2019-10-16 14:15:13
nvd
nvd
CVE-2019-10454
2019-10-16 14:15:13
alpinelinux
alpinelinux
CVE-2019-10454
2019-10-16 14:15:13
prion
prion
Cross site request forgery (csrf)
2019-10-16 14:15:00
osv
osv
CVE-2019-10454
2019-10-16 14:15:13
cvelist
cvelist
CVE-2019-10454
2019-10-16 13:00:53
github
github
Jenkins Rundeck Plugin CSRF vulnerability
2022-05-24 16:58:50