The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility ...

GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery

Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...

Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery

Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

CVE-2023-28676

A cross-site request forgery CSRF vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution RCE...

PT-2023-2189 · Jenkins · Jenkins Convert To Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier Description: The issue is related to the incorrect handling of code generation in the Convert To Pipeline Plugin, specifically in the Freestyle Project Configuration Handler componen...