CSRF vulnerability in Jenkins Database Plugin

2022-05-2417:27:06

Google

osv.dev

0.001 Low

EPSS

Percentile

33.2%

JSON

Database Plugin 1.6 and earlier does not require POST requests for the database console, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to execute arbitrary SQL scripts.

Database Plugin 1.7 removes the database console.

CPENameOperatorVersion
org.jenkins-ci.plugins:databaseeq1.4.1
org.jenkins-ci.plugins:databaseeq1.6
org.jenkins-ci.plugins:databaseeq1.3
org.jenkins-ci.plugins:databaseeq1.1
org.jenkins-ci.plugins:databaseeq1.0
org.jenkins-ci.plugins:databaseeq1.5
org.jenkins-ci.plugins:databaseeq1.4

Name	Operator	Version
org.jenkins-ci.plugins:database	eq	1.4.1
org.jenkins-ci.plugins:database	eq	1.6
org.jenkins-ci.plugins:database	eq	1.3
org.jenkins-ci.plugins:database	eq	1.1
org.jenkins-ci.plugins:database	eq	1.0
org.jenkins-ci.plugins:database	eq	1.5
org.jenkins-ci.plugins:database	eq	1.4