CSRF vulnerability in Jenkins Security Inspector plugin
Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to replace the generated report stored in a per-session cache and displayed to authorized...
GHSA-933X-5G7R-773Q CSRF vulnerability in Jenkins Security Inspector plugin
Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to replace the generated report stored in a per-session cache and displayed to authorized...
CVE-2022-41236
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...
CVE-2022-41236
The CVE-2022-41236 entry concerns the Jenkins Security Inspector Plugin (117.v6eecc36919c2 and earlier). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to replace the per-session cached report displayed at the …/report URL with a report generated from attacker-co...
PT-2022-4908 · Jenkins · Jenkins Security Inspector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Security Inspector Plugin versions 117.v6eecc36919c2 and earlier. Description: The issue is related to insufficient authentication of executed POST requests, allowing a remote attacker to perform a cross-site request forgery (CSRF) attac...