2 matches found
CVE-2023-37962
A cross-site request forgery CSRF vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the Jenkins controller file system...
CVE-2023-37962
CVE-2023-37962 concerns Jenkins Benchmark Evaluator Plugin versions 1.0.1 and earlier. A CSRF flaw arises because a form-validation method lacks a permission check and does not require POST, enabling attackers with Overall/Read permission to trigger connections to attacker-specified URLs and to p...