CSRF vulnerability in Jenkins Script Security Plugin

2022-05-1800:00:39

Google

osv.dev

0.001 Low

EPSS

Percentile

38.2%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

CPENameOperatorVersion
org.jenkins-ci.plugins:script-securityeq1.48
org.jenkins-ci.plugins:script-securityeq1.36
org.jenkins-ci.plugins:script-securityeq1125.v132f99385e1b_
org.jenkins-ci.plugins:script-securityeq1.46
org.jenkins-ci.plugins:script-securityeq1.64
org.jenkins-ci.plugins:script-securityeq1145.vb_cf6cf6ed960
org.jenkins-ci.plugins:script-securityeq1.58
org.jenkins-ci.plugins:script-securityeq1.75
org.jenkins-ci.plugins:script-securityeq1.66.4
org.jenkins-ci.plugins:script-securityeq1.21

Name	Operator	Version
org.jenkins-ci.plugins:script-security	eq	1.48
org.jenkins-ci.plugins:script-security	eq	1.36
org.jenkins-ci.plugins:script-security	eq	1125.v132f99385e1b_
org.jenkins-ci.plugins:script-security	eq	1.46
org.jenkins-ci.plugins:script-security	eq	1.64
org.jenkins-ci.plugins:script-security	eq	1145.vb_cf6cf6ed960
org.jenkins-ci.plugins:script-security	eq	1.58
org.jenkins-ci.plugins:script-security	eq	1.75
org.jenkins-ci.plugins:script-security	eq	1.66.4
org.jenkins-ci.plugins:script-security	eq	1.21