CSRF vulnerability in Zephyr Enterprise Test Management Plugin

2022-05-1301:25:42

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

CPENameOperatorVersion
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.5
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.1
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.2
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.0
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.6
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.4
org.jenkins-ci.plugins:zephyr-enterprise-test-managementeq1.3

Name	Operator	Version
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.5
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.1
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.2
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.0
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.6
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.4
org.jenkins-ci.plugins:zephyr-enterprise-test-management	eq	1.3