Lucene search

GoogleOSV:GHSA-X9GM-M8PP-54VX

HistoryMay 14, 2022 - 1:38 a.m.

Jenkins JUnit Plugin CSRF vulnerability

2022-05-1401:38:48

Google

osv.dev

jenkins

junit plugin

csrf

vulnerability

testobject.java

description

test result

software

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

27.0%

JSON

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.

References

github.com/jenkinsci/junit-plugin

github.com/jenkinsci/junit-plugin/commit/091ee0dc8dd6023713827ce1a5914fa9fa9b6043

jenkins.io/security/advisory/2018-09-25/#SECURITY-1101

nvd.nist.gov/vuln/detail/CVE-2018-1000411

web.archive.org/web/20200227092927/www.securityfocus.com/bid/106532