CSRF vulnerability in Jenkins Release plugin

2022-05-1403:45:49

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.

CPENameOperatorVersion
org.jenkins-ci.plugins:releaseeq2.1
org.jenkins-ci.plugins:releaseeq2.4.1
org.jenkins-ci.plugins:releaseeq2.5.3
org.jenkins-ci.plugins:releaseeq2.4
org.jenkins-ci.plugins:releaseeq2.6
org.jenkins-ci.plugins:releaseeq2.0
org.jenkins-ci.plugins:releaseeq2.8
org.jenkins-ci.plugins:releaseeq2.3
org.jenkins-ci.plugins:releaseeq2.2
org.jenkins-ci.plugins:releaseeq2.9

Name	Operator	Version
org.jenkins-ci.plugins:release	eq	2.1
org.jenkins-ci.plugins:release	eq	2.4.1
org.jenkins-ci.plugins:release	eq	2.5.3
org.jenkins-ci.plugins:release	eq	2.4
org.jenkins-ci.plugins:release	eq	2.6
org.jenkins-ci.plugins:release	eq	2.0
org.jenkins-ci.plugins:release	eq	2.8
org.jenkins-ci.plugins:release	eq	2.3
org.jenkins-ci.plugins:release	eq	2.2
org.jenkins-ci.plugins:release	eq	2.9