Lucene search
GoogleOSV:GHSA-FV3C-6CW7-2QCQHistoryMay 17, 2022 - 12:33 a.m.
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
2022-05-1700:33:25
Google
osv.dev
6
jenkins
cross-site request forgery
api
post
attacks
projects
permission
functionality
EPSS
0.001
Percentile
34.6%
Jenkins Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it’s similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission. This functionality now is only available via POST.
Related
nvd
nvd
CVE-2017-1000093
2017-10-05 01:29:03
osv
osv
CVE-2017-1000093
2017-10-05 01:29:03
github
github
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
2022-05-17 00:33:25
cvelist
cvelist
CVE-2017-1000093
2017-10-04 01:00:00
prion
prion
Cross site request forgery (csrf)
2017-10-05 01:29:00
cve
cve
CVE-2017-1000093
2017-10-05 01:29:03