25 matches found
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins:windocks-start-container is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to insufficient request validation, which allows an attacker to trick users into initiating connections to an attacker-specified URL...
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Missing Authorization
Overview: org.jenkins-ci.plugins:windocks-start-container allows users to create running containers based on images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:windocks-start-container allows users to create running containers based on images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...
Jenkins Start Windocks Containers Plugin is missing a permission check
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
EUVD-2025-36659
Jenkins Start Windocks Containers Plugin is missing a permission check...
EUVD-2025-36660
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery...
Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
GHSA-MJ6V-4WR4-GJ57 Jenkins Start Windocks Containers Plugin is missing a permission check
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
GHSA-6MGR-3374-4P3C Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2025-64139
CVE-2025-64139 affects Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. A missing permission check on an HTTP endpoint allows an attacker with Overall/Read permission to connect to an attacker-specified URL. Related advisories corroborate that this wormable-like behavior is via ...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2025-64138
The CVE-2025-64138 entry concerns Jenkins Start Windocks Containers Plugin (versions 1.4 and earlier). The issue is a CSRF vulnerability in an HTTP endpoint that allows attackers with Overall/Read permission to trigger connections to an attacker-specified URL, even without POST requests. Multiple...
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...