Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-XC7Q-P3F4-Q389
HistoryMay 24, 2022 - 4:56 p.m.

Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery

2022-05-2416:56:45
Google
osv.dev
8
jenkins
project inheritance plugin
cross-site request forgery
http endpoint
permission check
post requests

EPSS

0.001

Percentile

26.7%

JSON

Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration.

A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did not require POST requests, resulting in a CSRF vulnerability.

The HTTP endpoint triggering project creation now requires Item/Create permission and submission of requests via POST.

Related

prion 1
cve 1
nvd 1
github 1
cvelist 1
alpinelinux 1
prion
prion
Cross site request forgery (csrf)
2019-09-25 16:15:00
cve
cve
CVE-2019-10408
2019-09-25 16:15:10
nvd
nvd
CVE-2019-10408
2019-09-25 16:15:10
github
github
Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery
2022-05-24 16:56:45
cvelist
cvelist
CVE-2019-10408
2019-09-25 15:05:32
alpinelinux
alpinelinux
CVE-2019-10408
2019-09-25 16:15:10

EPSS

0.001

Percentile

26.7%

JSON
Related for OSV:GHSA-XC7Q-P3F4-Q389
prion1cve1nvd1github1cvelist1alpinelinux1