Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42860
HistoryAug 21, 2023 - 4:49 a.m.

Cross-site Request Forgery

2023-08-2104:49:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
vulnerability
githubscm.java
http endpoint
attacker
github credentials
software

0.001 Low

EPSS

Percentile

23.2%

blueocean is vulnerable to Cross-site Request Forgery. The vulnerability is due to a lack of requiring POST requests for an HTTP endpoint in GithubScm.java, which allows an attacker to view github credentials.

0.001 Low

EPSS

Percentile

23.2%