The Jenkins Translation plugin is vulnerable to cross-site request forgery (CSRF) attacks. POST requests don’t require a form submission to be submitted. Leveraging this, attackers can override localized strings displayed to all users when the victim is a Jenkins administrator.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | hudson translation assistance plugin | le | 1.5 |
| | hudson translation assistance plugin | le | 1.10-h-1 |