5 matches found
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
Jenkins Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy acti...
CVE-2017-1000093
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
Cross-site request forgery (CSRF)
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
CVE-2017-1000093
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it...
CVE-2017-1000093
Summary: CVE-2017-1000093 pertains to the Jenkins Poll SCM Plugin, which failed to require API requests to be sent via POST, exposing it to Cross-Site Request Forgery attacks. This could allow an attacker to initiate polling of projects with a known name. The issue undermines the plugin’s permiss...