3 matches found
com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.27.0), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +5 more potentially affected by CVE-2019-10315 via org.jenkins-ci.plugins:github-oauth (>=0.14 <=0.20)
org.jenkins-ci.plugins:github-oauth MAVEN version =0.14, =1.0.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2019-10315 Source advisory: OSV:GHSA-PHWV-CRGP-9R69...
CVE-2019-10315
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF...
CVE-2019-10315
CVE-2019-10315 : Jenkins GitHub Authentication Plugin versions 0.31 and earlier did not validate the OAuth state parameter, enabling CSRF exposure. Exploitation could allow an attacker to capture the OAuth redirect URL and, if the victim is already authenticated in Jenkins, attach the victim’s Je...