Lucene search
GoogleOSV:GHSA-6F4Q-F5FJ-Q6FCHistoryJul 26, 2023 - 3:30 p.m.
CSRF vulnerability in Bazaar Plugin
2023-07-2615:30:57
Google
osv.dev
4
csrf
vulnerability
jenkins
bazaar
plugin
http
endpoint
attackers
delete
scm
tags
software
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.0005 Low
EPSS
Percentile
17.7%
Jenkins Bazaar Plugin 1.22 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to delete previously created Bazaar SCM tags.
Related
prion
prion
Cross site request forgery (csrf)
2023-07-26 14:15:00
nvd
nvd
CVE-2023-39156
2023-07-26 14:15:10
cvelist
cvelist
CVE-2023-39156
2023-07-26 13:54:55
cve
cve
CVE-2023-39156
2023-07-26 14:15:10
github
github
CSRF vulnerability in Bazaar Plugin
2023-07-26 15:30:57
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-07-29 10:40:42
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-07-26)
2023-07-28 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.0005 Low
EPSS
Percentile
17.7%
Related for OSV:GHSA-6F4Q-F5FJ-Q6FC