
5 matches found

OSV
added 2023/04/02 9:30 p.m. · 21 views

GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery

Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...

8.8 CVSS · 9.2 AI score · 0.00287 EPSS
Exploits: 1 · References: 3
Github Security Blog
added 2023/04/02 9:30 p.m. · 28 views

Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery

Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...

8.8 CVSS · 8.9 AI score · 0.00287 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/04/02 9:15 p.m. · 2 views

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

9.8 CVSS · 7.4 AI score · 0.0196 EPSS
Exploits: 0 · References: 1
Cvelist
added 2023/03/23 11:26 a.m. · 15 views

CVE-2023-28676

A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE)...

9.8 AI score · 0.00287 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/03/20 12:0 a.m. · 1 views

PT-2023-2189 · Jenkins · Jenkins Convert To Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier

Description: The issue is related to the incorrect handling of code generation in the Convert To Pipeline Plugin, specifically in the Freestyle Project Configuration Handler componen...

9.8 CVSS · 6.6 AI score · 0.0196 EPSS
Exploits: 0 · References: 11