A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CPE | Name | Operator | Version |
---|---|---|---|
crx_content_package_deployer | le | 1.8.1 |