Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery

2022-05-2416:52:47

Google

osv.dev

0.001 Low

EPSS

Percentile

26.9%

JSON

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.

CPENameOperatorVersion
org.jenkins-ci.plugins:relution-publishereq1.0
org.jenkins-ci.plugins:relution-publishereq1.17
org.jenkins-ci.plugins:relution-publishereq1.3
org.jenkins-ci.plugins:relution-publishereq1.15
org.jenkins-ci.plugins:relution-publishereq1.2
org.jenkins-ci.plugins:relution-publishereq1.23
org.jenkins-ci.plugins:relution-publishereq1.22
org.jenkins-ci.plugins:relution-publishereq1.5
org.jenkins-ci.plugins:relution-publishereqtrue
org.jenkins-ci.plugins:relution-publishereq1.13

Name	Operator	Version
org.jenkins-ci.plugins:relution-publisher	eq	1.0
org.jenkins-ci.plugins:relution-publisher	eq	1.17
org.jenkins-ci.plugins:relution-publisher	eq	1.3
org.jenkins-ci.plugins:relution-publisher	eq	1.15
org.jenkins-ci.plugins:relution-publisher	eq	1.2
org.jenkins-ci.plugins:relution-publisher	eq	1.23
org.jenkins-ci.plugins:relution-publisher	eq	1.22
org.jenkins-ci.plugins:relution-publisher	eq	1.5
org.jenkins-ci.plugins:relution-publisher	eq	true
org.jenkins-ci.plugins:relution-publisher	eq	1.13