Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery

2022-05-2416:59:37

Google

osv.dev

0.001 Low

EPSS

Percentile

33.2%

JSON

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CPENameOperatorVersion
org.jenkins-ci.plugins:libvirt-slaveeq1.8
org.jenkins-ci.plugins:libvirt-slaveeq1.8.1
org.jenkins-ci.plugins:libvirt-slaveeq1.8.5
org.jenkins-ci.plugins:libvirt-slaveeq1.8.3
org.jenkins-ci.plugins:libvirt-slaveeq1.8.4

Name	Operator	Version
org.jenkins-ci.plugins:libvirt-slave	eq	1.8
org.jenkins-ci.plugins:libvirt-slave	eq	1.8.1
org.jenkins-ci.plugins:libvirt-slave	eq	1.8.5
org.jenkins-ci.plugins:libvirt-slave	eq	1.8.3
org.jenkins-ci.plugins:libvirt-slave	eq	1.8.4