Sandbox Bypass via CSRF in Jenkins Warnings Plugin

2022-05-1301:31:35

Google

osv.dev

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.

CPENameOperatorVersion
org.jvnet.hudson.plugins:warningseq1.9
org.jvnet.hudson.plugins:warningseq3.15
org.jvnet.hudson.plugins:warningseq4.14
org.jvnet.hudson.plugins:warningseq4.16
org.jvnet.hudson.plugins:warningseq3.8
org.jvnet.hudson.plugins:warningseq3.3
org.jvnet.hudson.plugins:warningseq4.30
org.jvnet.hudson.plugins:warningseq4.57
org.jvnet.hudson.plugins:warningseq3.9
org.jvnet.hudson.plugins:warningseq2.6

Name	Operator	Version
org.jvnet.hudson.plugins:warnings	eq	1.9
org.jvnet.hudson.plugins:warnings	eq	3.15
org.jvnet.hudson.plugins:warnings	eq	4.14
org.jvnet.hudson.plugins:warnings	eq	4.16
org.jvnet.hudson.plugins:warnings	eq	3.8
org.jvnet.hudson.plugins:warnings	eq	3.3
org.jvnet.hudson.plugins:warnings	eq	4.30
org.jvnet.hudson.plugins:warnings	eq	4.57
org.jvnet.hudson.plugins:warnings	eq	3.9
org.jvnet.hudson.plugins:warnings	eq	2.6